Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2016-8746

    Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.... Read more

    Affected Products : ranger
    • EPSS Score: %0.54
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14049

    In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.... Read more

    Affected Products : blackcat_cms
    • EPSS Score: %0.14
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.7

    MEDIUM
    CVE-2017-14019

    An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquote... Read more

    Affected Products : movicon
    • EPSS Score: %0.10
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-14016

    A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attack... Read more

    Affected Products : webaccess
    • EPSS Score: %19.22
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2016-8588

    The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.... Read more

    Affected Products : threat_discovery_appliance
    • EPSS Score: %0.56
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-8416

    An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. P... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.25
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-8410

    An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. P... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7935

    A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests.... Read more

    Affected Products : mguard_firmware mguard_firmware mguard
    • EPSS Score: %0.23
    • Published: May. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-8323

    Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker w... Read more

    Affected Products : flexcube_core_banking
    • EPSS Score: %0.19
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-12946

    classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.... Read more

    Affected Products : easy_modal
    • EPSS Score: %0.48
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-5013

    The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.... Read more

    • EPSS Score: %0.11
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7686

    Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server ... Read more

    Affected Products : ignite
    • EPSS Score: %1.17
    • Published: Jun. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12754

    Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51... Read more

    • EPSS Score: %10.01
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9931

    A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-9678

    FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter.... Read more

    Affected Products : flexpaper
    • EPSS Score: %0.25
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-9558

    Multiple SQL injection vulnerabilities in SmartCMS v.2.... Read more

    Affected Products : smartcms
    • EPSS Score: %2.74
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12347

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client ... Read more

    Affected Products : data_center_network_manager
    • EPSS Score: %0.23
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-16806

    The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.... Read more

    Affected Products : ulterius_server
    • EPSS Score: %89.28
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-9692

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R... Read more

    • EPSS Score: %0.14
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-10153

    Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1 and 7.2. Difficult to exploit vulnerability allows low ... Read more

    • EPSS Score: %0.51
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292495 Results