Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-14288

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7."... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.06
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14193

    The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.... Read more

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-1417

    Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is be... Read more

    Affected Products : snort
    • EPSS Score: %5.67
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-16691

    SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file ... Read more

    • EPSS Score: %0.37
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16679

    URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect use... Read more

    Affected Products : sap_kernel sap_kernel
    • EPSS Score: %0.30
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16636

    In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent... Read more

    Affected Products : bludit
    • EPSS Score: %0.27
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16568

    Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute... Read more

    Affected Products : media_server
    • EPSS Score: %0.30
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16564

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).... Read more

    Affected Products : ht802_firmware ht802
    • EPSS Score: %0.15
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-16359

    In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.... Read more

    Affected Products : radare2
    • EPSS Score: %0.19
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-5181

    The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.... Read more

    Affected Products : jboss_a-mq
    • EPSS Score: %0.17
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-5173

    Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Lea... Read more

    • EPSS Score: %0.48
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15990

    Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.... Read more

    Affected Products : phpinventory
    • EPSS Score: %8.79
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15962

    iStock Management System 1.0 allows Arbitrary File Upload via user/profile.... Read more

    Affected Products : istock_management_system
    • EPSS Score: %18.15
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-15949

    Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.... Read more

    Affected Products : xavier
    • EPSS Score: %0.23
    • Published: Oct. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-4684

    Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote auth... Read more

    Affected Products : realpresence_resource_manager
    • EPSS Score: %12.42
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-10511

    The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and po... Read more

    Affected Products : twitter
    • EPSS Score: %0.29
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15700

    A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.... Read more

    • EPSS Score: %0.22
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10342

    In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-10401

    ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).... Read more

    Affected Products : pk5001z_firmware pk5001z
    • EPSS Score: %35.96
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10387

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291526 Results