Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2017-8280

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context sw... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7570

    PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.... Read more

    Affected Products : pivotx
    • EPSS Score: %0.83
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7980

    Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external sourc... Read more

    Affected Products : compass_rose
    • EPSS Score: %0.70
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6127

    Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2)... Read more

    Affected Products : dg-hr1400_firmware dg-hr1400
    • EPSS Score: %0.17
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-5537

    The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.... Read more

    Affected Products : weblate
    • EPSS Score: %0.54
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-5530

    The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Communi... Read more

    Affected Products : tibbr
    • EPSS Score: %0.29
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-5518

    The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.40
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-5219

    An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be upl... Read more

    Affected Products : sagecrm
    • EPSS Score: %4.03
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3507

    Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthe... Read more

    Affected Products : service_bus
    • EPSS Score: %0.79
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-3489

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Security Management System). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Eas... Read more

    Affected Products : flexcube_investor_servicing
    • EPSS Score: %0.22
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11415

    Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %0.23
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    CRITICAL
    CVE-2016-4435

    An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that t... Read more

    Affected Products : cloud_foundry bosh_stemcell
    • EPSS Score: %0.55
    • Published: May. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3083

    Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doe... Read more

    Affected Products : hive
    • EPSS Score: %0.21
    • Published: May. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9924

    In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9967

    In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9961

    In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-10364

    With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.... Read more

    Affected Products : kibana
    • EPSS Score: %0.17
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9584

    The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... Read more

    Affected Products : hbo_mobile_banking
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10756

    XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpR... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.05
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1157

    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.21
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291258 Results