Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-6547

    Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900... Read more

    Affected Products : rt-ac53_firmware rt-ac53
    • EPSS Score: %1.04
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6391

    An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, ... Read more

    Affected Products : kaltura_server
    • EPSS Score: %0.28
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6343

    The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of t... Read more

    • EPSS Score: %2.35
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6273

    NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privil... Read more

    Affected Products : adsp_firmware tegra_jetson_l4t
    • EPSS Score: %0.05
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6224

    Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulne... Read more

    • EPSS Score: %0.75
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6103

    Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.... Read more

    Affected Products : anyvar
    • EPSS Score: %0.19
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6080

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly t... Read more

    Affected Products : zammad
    • EPSS Score: %0.17
    • Published: Mar. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6065

    SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.34
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6037

    A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.... Read more

    Affected Products : levi_studio_hmi_editor
    • EPSS Score: %0.41
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6007

    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.... Read more

    Affected Products : hitmanpro
    • EPSS Score: %0.02
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5927

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers f... Read more

    • EPSS Score: %0.38
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-5566

    Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full contro... Read more

    Affected Products : anti-virus internet_security ultimate
    • EPSS Score: %0.10
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5358

    Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.... Read more

    Affected Products : easycom_for_php
    • EPSS Score: %35.32
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5351

    Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.36
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-5244

    Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop ... Read more

    Affected Products : metasploit
    • EPSS Score: %0.20
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2034

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.... Read more

    Affected Products : clearpass
    • EPSS Score: %0.33
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5090

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012.... Read more

    Affected Products : chrome macos
    • EPSS Score: %0.16
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-4960

    An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.... Read more

    • EPSS Score: %0.45
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3899

    SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.... Read more

    Affected Products : advanced_threat_defense
    • EPSS Score: %0.51
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3848

    A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Inform... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.29
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292386 Results