Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-0639

    An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that iso... Read more

    Affected Products : android
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9049

    An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port... Read more

    Affected Products : database_server
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0563

    An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5401

    Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.... Read more

    Affected Products : teradata_express teradata_gateway
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-0374

    lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.... Read more

    Affected Products : config-model
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1551

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click action... Read more

    Affected Products : api_connect
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15383

    Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.... Read more

    Affected Products : nero
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16880

    The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.... Read more

    Affected Products : whoops
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9885

    An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly ... Read more

    Affected Products : gemfire_for_pivotal_cloud_foundry
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9868

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavaila... Read more

    Affected Products : scaleio
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9072

    Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.... Read more

    Affected Products : flatcalendarxp popcalendarxp
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-16957

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /... Read more

    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-1490

    An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.... Read more

    Affected Products : jazz_reporting_service
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-12947

    classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.... Read more

    Affected Products : easy_modal
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12922

    wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.... Read more

    Affected Products : libfpx
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12810

    PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.... Read more

    Affected Products : phpjabbers_newsletter_script
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12731

    A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The appli... Read more

    • Published: Sep. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1269

    IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744... Read more

    Affected Products : security_guardium
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12582

    Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveil... Read more

    Affected Products : ts-212p_firmware ts-212p
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12650

    SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.... Read more

    Affected Products : loginizer
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293259 Results