Latest CVE Feed
-
5.4
MEDIUMCVE-2017-16564
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).... Read more
- EPSS Score: %0.15
- Published: Nov. 06, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-16359
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.... Read more
Affected Products : radare2- EPSS Score: %0.19
- Published: Nov. 01, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-5181
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.... Read more
Affected Products : jboss_a-mq- EPSS Score: %0.17
- Published: Sep. 25, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2015-5173
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Lea... Read more
- EPSS Score: %0.48
- Published: Oct. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-15990
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.... Read more
Affected Products : phpinventory- EPSS Score: %8.79
- Published: Oct. 31, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-15962
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.... Read more
Affected Products : istock_management_system- EPSS Score: %18.15
- Published: Oct. 29, 2017
- Modified: Apr. 20, 2025
-
7.2
HIGHCVE-2017-15949
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.... Read more
Affected Products : xavier- EPSS Score: %0.23
- Published: Oct. 28, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2015-4684
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote auth... Read more
Affected Products : realpresence_resource_manager- EPSS Score: %12.42
- Published: Sep. 19, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2016-10511
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and po... Read more
Affected Products : twitter- EPSS Score: %0.29
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-15700
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.... Read more
- EPSS Score: %0.22
- Published: Dec. 18, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2016-10342
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.... Read more
Affected Products : android- EPSS Score: %0.06
- Published: Jun. 13, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2016-10401
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).... Read more
- EPSS Score: %35.96
- Published: Jul. 25, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2016-10387
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.... Read more
Affected Products : android- EPSS Score: %0.25
- Published: Aug. 18, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1553
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more
Affected Products : infosphere_biginsights- EPSS Score: %0.27
- Published: Nov. 01, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-10184
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.... Read more
- EPSS Score: %28.77
- Published: Jan. 30, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-10180
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.... Read more
- EPSS Score: %10.92
- Published: Jan. 30, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2016-10137
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and de... Read more
Affected Products : adups_fota- EPSS Score: %0.05
- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-10135
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application... Read more
Affected Products : lg_mobile- EPSS Score: %0.30
- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-15375
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, ... Read more
Affected Products : wpjobboard- EPSS Score: %0.20
- Published: Oct. 16, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.... Read more
Affected Products : firejail- EPSS Score: %0.04
- Published: Apr. 13, 2017
- Modified: Apr. 20, 2025