Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-0684

    A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.... Read more

    Affected Products : android
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0675

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227.... Read more

    Affected Products : android
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0604

    An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent ... Read more

    Affected Products : android
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0581

    An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privile... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-0535

    An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. ... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0458

    An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pr... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15609

    Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.... Read more

    Affected Products : octopus_deploy
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15538

    Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes... Read more

    Affected Products : ilias
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2017-8769

    Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion... Read more

    Affected Products : whatsapp
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15251

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-2690

    Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2)... Read more

    Affected Products : addons_module
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9405

    Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mybb merge_system
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-2046

    Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.... Read more

    Affected Products : mantisbt
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1612

    OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."... Read more

    Affected Products : openflow
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-8794

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92... Read more

    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-8792

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92... Read more

    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14011

    A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unaut... Read more

    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-2685

    Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions ... Read more

    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-0575

    In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-0904

    The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.... Read more

    Affected Products : restaurant_karaoke
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292836 Results