Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2017-16564

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).... Read more

    Affected Products : ht802_firmware ht802
    • EPSS Score: %0.15
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-16359

    In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.... Read more

    Affected Products : radare2
    • EPSS Score: %0.19
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2015-5181

    The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.... Read more

    Affected Products : jboss_a-mq
    • EPSS Score: %0.17
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2015-5173

    Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Lea... Read more

    • EPSS Score: %0.48
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15990

    Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.... Read more

    Affected Products : phpinventory
    • EPSS Score: %8.79
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15962

    iStock Management System 1.0 allows Arbitrary File Upload via user/profile.... Read more

    Affected Products : istock_management_system
    • EPSS Score: %18.15
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025
  • 7.2

    HIGH
    CVE-2017-15949

    Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.... Read more

    Affected Products : xavier
    • EPSS Score: %0.23
    • Published: Oct. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2015-4684

    Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote auth... Read more

    Affected Products : realpresence_resource_manager
    • EPSS Score: %12.42
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2016-10511

    The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and po... Read more

    Affected Products : twitter
    • EPSS Score: %0.29
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-15700

    A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.... Read more

    • EPSS Score: %0.22
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2016-10342

    In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2016-10401

    ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).... Read more

    Affected Products : pk5001z_firmware pk5001z
    • EPSS Score: %35.96
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-10387

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1553

    IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    Affected Products : infosphere_biginsights
    • EPSS Score: %0.27
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-10184

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %28.77
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-10180

    An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %10.92
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-10137

    An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and de... Read more

    Affected Products : adups_fota
    • EPSS Score: %0.05
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2016-10135

    An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application... Read more

    Affected Products : lg_mobile
    • EPSS Score: %0.30
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-15375

    Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, ... Read more

    Affected Products : wpjobboard
    • EPSS Score: %0.20
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-10123

    Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.... Read more

    Affected Products : firejail
    • EPSS Score: %0.04
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291558 Results