Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2016-8403

    An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Modera... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.15
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8347

    An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.... Read more

    Affected Products : webdatorcentral
    • EPSS Score: %1.28
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8341

    An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.... Read more

    Affected Products : integraxor
    • EPSS Score: %0.28
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8329

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated att... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.50
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8310

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnera... Read more

    Affected Products : flexcube_universal_banking
    • EPSS Score: %0.65
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-2246

    The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.... Read more

    Affected Products : p7-l10_firmware p7-l10
    • EPSS Score: %0.09
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8011

    Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.... Read more

    Affected Products : endpoint_security_web_control
    • EPSS Score: %0.30
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-7835

    Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.... Read more

    Affected Products : h2o h2o
    • EPSS Score: %3.16
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-7614

    An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors.... Read more

    Affected Products : icloud
    • EPSS Score: %0.13
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7400

    Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, o... Read more

    Affected Products : exponent_cms
    • EPSS Score: %18.22
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-7144

    The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.... Read more

    Affected Products : unrealircd
    • EPSS Score: %2.39
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2016-7060

    The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.... Read more

    Affected Products : quickstart_cloud_installer
    • EPSS Score: %0.08
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6916

    Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, whi... Read more

    • EPSS Score: %0.05
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-6887

    The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.... Read more

    Affected Products : matrixssl
    • EPSS Score: %0.30
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6879

    The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.... Read more

    Affected Products : botan
    • EPSS Score: %0.18
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6103

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.15
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6095

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.39
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6800

    The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary fie... Read more

    Affected Products : ofbiz
    • EPSS Score: %2.35
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-6772

    An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. ... Read more

    Affected Products : android
    • EPSS Score: %1.44
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6522

    Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %0.08
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291531 Results