Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-9067

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9061

    In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-2709

    HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to ... Read more

    Affected Products : skytone higame
    • EPSS Score: %0.08
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2704

    Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawe... Read more

    • EPSS Score: %0.08
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8831

    Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.... Read more

    Affected Products : dotclear
    • EPSS Score: %0.93
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-8814

    Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.... Read more

    Affected Products : umbraco_cms umbraco
    • EPSS Score: %0.11
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4547

    Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.56
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2213

    Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : semidynaexe
    • EPSS Score: %0.14
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8667

    Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.23
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4460

    Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.... Read more

    Affected Products : pony_mail
    • EPSS Score: %0.09
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-8593

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-2325

    A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.... Read more

    Affected Products : northstar_controller
    • EPSS Score: %0.49
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4312

    XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct... Read more

    Affected Products : identity_server
    • EPSS Score: %5.42
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2253

    Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : toolbar
    • EPSS Score: %0.14
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12907

    Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.24
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2167

    Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.... Read more

    Affected Products : primedrive_desktop_application
    • EPSS Score: %0.66
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2142

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • EPSS Score: %2.79
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-2141

    WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • EPSS Score: %0.48
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2126

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.... Read more

    • EPSS Score: %13.46
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-2103

    The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : lala_call
    • EPSS Score: %0.29
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291368 Results