Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-5762

    Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.... Read more

    Affected Products : groupwise
    • EPSS Score: %14.84
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5409

    Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.23
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4847

    Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex.... Read more

    Affected Products : web_ui
    • EPSS Score: %0.51
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4293

    Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.... Read more

    Affected Products : hancom_office_2014
    • EPSS Score: %1.51
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7978

    Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.31
    • Published: Apr. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-5653

    JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.... Read more

    Affected Products : cxf
    • EPSS Score: %3.17
    • Published: Apr. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2016-3037

    IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.27
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3036

    IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %1.18
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-5396

    Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.... Read more

    Affected Products : traffic_server
    • EPSS Score: %1.81
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6727

    The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.... Read more

    Affected Products : android
    • EPSS Score: %5.74
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6726

    Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8256

    Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.... Read more

    • EPSS Score: %6.91
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2016-4874

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.... Read more

    Affected Products : office
    • EPSS Score: %0.23
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4867

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.... Read more

    Affected Products : office
    • EPSS Score: %0.22
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10331

    Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.... Read more

    Affected Products : photo_station
    • EPSS Score: %0.39
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8930

    Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application... Read more

    Affected Products : simple_invoices
    • EPSS Score: %0.12
    • Published: May. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0593

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate appli... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5655

    In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.... Read more

    Affected Products : ambari
    • EPSS Score: %0.15
    • Published: May. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9573

    The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : nasb_mobile_bank
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9572

    The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : athens_state_bank_mobile
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292238 Results