Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-4292

    When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an agg... Read more

    Affected Products : hancom_office_2014
    • EPSS Score: %0.46
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3407

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %0.44
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3114

    Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.... Read more

    Affected Products : kallithea
    • EPSS Score: %0.16
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-3109

    The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : shopware
    • EPSS Score: %34.59
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-2433

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.... Read more

    Affected Products : android
    • EPSS Score: %0.28
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2013-7461

    A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.... Read more

    Affected Products : application_control change_control
    • EPSS Score: %0.04
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-2274

    An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-1919

    Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.... Read more

    Affected Products : knox
    • EPSS Score: %0.07
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2007-6759

    Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.... Read more

    Affected Products : ibootbar_firmware ibootbar
    • EPSS Score: %0.79
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10405

    Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • EPSS Score: %0.56
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10335

    In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-10212

    Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-p... Read more

    Affected Products : alteon
    • EPSS Score: %0.48
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16962

    The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitati... Read more

    Affected Products : communigate_pro
    • EPSS Score: %0.30
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-14018

    An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and sing... Read more

    • EPSS Score: %0.19
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-1999-0236

    ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.... Read more

    Affected Products : http_server ncsa_httpd
    • EPSS Score: %9.16
    • Published: Jan. 01, 1997
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-14124

    In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions.... Read more

    Affected Products : rp
    • EPSS Score: %0.04
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11324

    An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php wi... Read more

    Affected Products : tilde_cms
    • EPSS Score: %0.25
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-0919

    EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more

    Affected Products : web_threat_detection
    • EPSS Score: %0.46
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14050

    In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.... Read more

    Affected Products : blackcat_cms
    • EPSS Score: %0.51
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14031

    An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.... Read more

    Affected Products : vtscada
    • EPSS Score: %0.04
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291275 Results