Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-3996

    ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.... Read more

    Affected Products : knox
    • EPSS Score: %0.20
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-3038

    IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.23
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-1597

    A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.... Read more

    Affected Products : access_governance_suite
    • EPSS Score: %0.36
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-1217

    Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.... Read more

    Affected Products : garoon
    • EPSS Score: %0.34
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10346

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10316

    Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to... Read more

    • EPSS Score: %0.22
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10275

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device co... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10176

    The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also... Read more

    Affected Products : wnr2000v5_firmware wnr2000v5
    • EPSS Score: %86.62
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-10103

    Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up... Read more

    Affected Products : automize
    • EPSS Score: %0.16
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2007-6760

    Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.... Read more

    Affected Products : ibootbar_firmware ibootbar
    • EPSS Score: %0.79
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2011-3177

    The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.... Read more

    Affected Products : yast2
    • EPSS Score: %0.03
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2011-2683

    reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack.... Read more

    Affected Products : reseed
    • EPSS Score: %0.34
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-15530

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the applicat... Read more

    Affected Products : norton_family
    • EPSS Score: %0.08
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-2733

    Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious ... Read more

    Affected Products : honor_6x_firmware honor_6x
    • EPSS Score: %0.09
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11401

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected... Read more

    • EPSS Score: %0.20
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-18006

    netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.... Read more

    Affected Products : portfolio_netpublish
    • EPSS Score: %0.24
    • Published: Jan. 01, 2018
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10704

    Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.... Read more

    Affected Products : magento
    • EPSS Score: %0.10
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-14855

    Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.... Read more

    Affected Products : hmi_panel_firmware hmi_panel
    • EPSS Score: %0.62
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12813

    PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.... Read more

    Affected Products : phpjabbers_file_sharing_script
    • EPSS Score: %0.24
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12811

    PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.... Read more

    Affected Products : phpjabbers_star_rating_script
    • EPSS Score: %0.24
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291593 Results