Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-9407

    Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.... Read more

    Affected Products : mybb merge_system
    • EPSS Score: %0.61
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-2046

    Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.37
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-16589

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... Read more

    Affected Products : foxit_reader pdf_reader
    • EPSS Score: %0.10
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15746

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADI... Read more

    Affected Products : irfanview cadimage
    • EPSS Score: %0.10
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15740

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADIMAGE+0x000000000033228e... Read more

    Affected Products : irfanview cadimage
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9005

    IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.... Read more

    • EPSS Score: %0.49
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1612

    OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."... Read more

    Affected Products : openflow
    • EPSS Score: %0.97
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2015-1526

    The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-8794

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92... Read more

    • EPSS Score: %0.04
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-8792

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92... Read more

    • EPSS Score: %0.04
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8711

    A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to t... Read more

    Affected Products : nitro_pdf_pro
    • EPSS Score: %0.12
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14011

    A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unaut... Read more

    • EPSS Score: %0.12
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-13982

    A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.... Read more

    • EPSS Score: %3.32
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8459

    Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.59
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-8409

    An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-2685

    Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions ... Read more

    • EPSS Score: %0.24
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-0974

    Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll.... Read more

    Affected Products : mobiconnect
    • EPSS Score: %0.05
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-0575

    In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-0904

    The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.... Read more

    Affected Products : restaurant_karaoke
    • EPSS Score: %0.33
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-15357

    The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.... Read more

    Affected Products : arq
    • EPSS Score: %0.64
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291659 Results