Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-9137

    Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated... Read more

    • EPSS Score: %0.09
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4948

    Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Real... Read more

    Affected Products : manager
    • EPSS Score: %0.10
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4859

    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0... Read more

    Affected Products : splunk
    • EPSS Score: %0.23
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4884

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • EPSS Score: %0.12
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-4896

    SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors.... Read more

    Affected Products : setucocms
    • EPSS Score: %0.27
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4870

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.... Read more

    Affected Products : office
    • EPSS Score: %0.28
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4868

    Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.... Read more

    Affected Products : office
    • EPSS Score: %0.67
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4841

    Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.... Read more

    Affected Products : mailwise
    • EPSS Score: %0.67
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4844

    Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.... Read more

    Affected Products : mailwise
    • EPSS Score: %0.67
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-4829

    DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.... Read more

    Affected Products : ppv_play_player
    • EPSS Score: %0.18
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.4

    HIGH
    CVE-2016-4335

    An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.... Read more

    Affected Products : perceptive_document_filters
    • EPSS Score: %3.70
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-4305

    A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An att... Read more

    Affected Products : internet_security
    • EPSS Score: %0.06
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-3996

    ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.... Read more

    Affected Products : knox
    • EPSS Score: %0.20
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-3038

    IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.23
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-1597

    A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.... Read more

    Affected Products : access_governance_suite
    • EPSS Score: %0.36
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-1217

    Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.... Read more

    Affected Products : garoon
    • EPSS Score: %0.34
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10346

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10316

    Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to... Read more

    • EPSS Score: %0.22
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10275

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device co... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10176

    The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also... Read more

    Affected Products : wnr2000v5_firmware wnr2000v5
    • EPSS Score: %86.62
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291659 Results