Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-14011

    A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unaut... Read more

    • EPSS Score: %0.12
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-13982

    A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.... Read more

    • EPSS Score: %3.32
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8459

    Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.59
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-8409

    An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-2685

    Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions ... Read more

    • EPSS Score: %0.24
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-0974

    Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll.... Read more

    Affected Products : mobiconnect
    • EPSS Score: %0.05
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-0575

    In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-0904

    The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.... Read more

    Affected Products : restaurant_karaoke
    • EPSS Score: %0.33
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-15357

    The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.... Read more

    Affected Products : arq
    • EPSS Score: %0.64
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12970

    Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.... Read more

    Affected Products : apache2triad
    • EPSS Score: %0.18
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-7801

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.28
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1530

    IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.27
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.7

    MEDIUM
    CVE-2015-4056

    The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.... Read more

    Affected Products : vce_vision_intelligent_operations
    • EPSS Score: %0.06
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15242

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."... Read more

    Affected Products : irfanview pdf
    • EPSS Score: %0.19
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12929

    Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.... Read more

    Affected Products : dlx_spot_player4
    • EPSS Score: %3.34
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12777

    Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.24
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-12732

    A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary r... Read more

    • EPSS Score: %0.25
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2014-8393

    DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.... Read more

    • EPSS Score: %4.84
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4857

    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing att... Read more

    Affected Products : splunk
    • EPSS Score: %0.17
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-9695

    The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user.... Read more

    • EPSS Score: %0.22
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291269 Results