Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-5727

    LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %0.60
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5401

    Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.... Read more

    • EPSS Score: %0.13
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5197

    The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.... Read more

    Affected Products : chrome
    • EPSS Score: %0.62
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5077

    Netikus EventSentry before 3.2.1.44 has XSS via SNMP.... Read more

    Affected Products : eventsentry
    • EPSS Score: %0.24
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5069

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.03
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-4931

    XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.... Read more

    Affected Products : junos_space junos_space
    • EPSS Score: %0.27
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-4929

    Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.... Read more

    Affected Products : junos_space junos_space
    • EPSS Score: %2.05
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4900

    Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : evernote
    • EPSS Score: %0.42
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4873

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.... Read more

    Affected Products : office
    • EPSS Score: %0.28
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4872

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.... Read more

    Affected Products : office
    • EPSS Score: %0.22
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-4871

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : office
    • EPSS Score: %1.51
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-4869

    Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.... Read more

    Affected Products : office
    • EPSS Score: %1.16
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4292

    When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an agg... Read more

    Affected Products : hancom_office_2014
    • EPSS Score: %0.46
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3407

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %0.44
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3114

    Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.... Read more

    Affected Products : kallithea
    • EPSS Score: %0.16
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-3109

    The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : shopware
    • EPSS Score: %34.59
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-2433

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.... Read more

    Affected Products : android
    • EPSS Score: %0.28
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2013-7461

    A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.... Read more

    Affected Products : application_control change_control
    • EPSS Score: %0.04
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-2274

    An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-1919

    Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.... Read more

    Affected Products : knox
    • EPSS Score: %0.07
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291255 Results