Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2017-5165

    An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized a... Read more

    • EPSS Score: %0.08
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-5162

    An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.... Read more

    • EPSS Score: %60.06
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6914

    Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.... Read more

    Affected Products : windows unifi_video
    • EPSS Score: %0.14
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10290

    An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privil... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.17
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2013-7463

    The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.... Read more

    Affected Products : aescrypt
    • EPSS Score: %0.30
    • Published: Apr. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2013-7453

    The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.... Read more

    Affected Products : node.js
    • EPSS Score: %0.66
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10178

    An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %22.25
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2013-6662

    Google Chrome caches TLS sessions before certificate validation occurs.... Read more

    Affected Products : chrome
    • EPSS Score: %0.04
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6267

    SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGr... Read more

    Affected Products : smart_protection_server
    • EPSS Score: %72.52
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6238

    The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.... Read more

    Affected Products : lepton
    • EPSS Score: %0.21
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-0732

    The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with ... Read more

    • EPSS Score: %0.41
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-3847

    A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releas... Read more

    • EPSS Score: %0.19
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6102

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.22
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6094

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.... Read more

    • EPSS Score: %0.31
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-5932

    IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : connections
    • EPSS Score: %0.26
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2013-6049

    apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : debian_linux apt-listbugs
    • EPSS Score: %0.06
    • Published: Oct. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5798

    An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attac... Read more

    • EPSS Score: %1.68
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-3471

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows unauthenticated a... Read more

    Affected Products : flexcube_private_banking
    • EPSS Score: %0.64
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-3451

    Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily "exploitable" vulnerability allows low privi... Read more

    • EPSS Score: %0.20
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-5614

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows... Read more

    Affected Products : flexcube_private_banking
    • EPSS Score: %0.25
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291368 Results