Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-1496

    IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.20
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-3654

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.... Read more

    Affected Products : clearpass clearpass_policy_manager
    • EPSS Score: %0.91
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14916

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-14903

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1489

    IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.... Read more

    • EPSS Score: %0.21
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-3638

    phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, ... Read more

    Affected Products : phpmybackuppro
    • EPSS Score: %1.61
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-3431

    Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."... Read more

    Affected Products : pydio
    • EPSS Score: %6.18
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14796

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with... Read more

    Affected Products : libbpg
    • EPSS Score: %0.61
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14644

    A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.... Read more

    Affected Products : bento4
    • EPSS Score: %0.86
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14573

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.06
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14552

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9."... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.06
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-14530

    WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.... Read more

    Affected Products : crony_cronjob_manager
    • EPSS Score: %0.11
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.7

    MEDIUM
    CVE-2017-3763

    An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.... Read more

    Affected Products : xclarity_administrator
    • EPSS Score: %0.05
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3830

    A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known ... Read more

    Affected Products : meeting_server
    • EPSS Score: %0.63
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-3844

    A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance s... Read more

    Affected Products : prime_collaboration_assurance
    • EPSS Score: %0.20
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5068

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.04
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5053

    OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.... Read more

    Affected Products : lightify_home
    • EPSS Score: %2.04
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-2989

    Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.... Read more

    Affected Products : campaign
    • EPSS Score: %3.51
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-2881

    An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter net... Read more

    • EPSS Score: %0.25
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-4947

    Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.... Read more

    Affected Products : hue
    • EPSS Score: %0.29
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291615 Results