Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-3821

    A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.36
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-10225

    The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.... Read more

    Affected Products : linux-3.4-sunxi a83t h3 h8
    • EPSS Score: %6.06
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10185

    An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %8.98
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2016-6649

    EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface a... Read more

    • EPSS Score: %0.18
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10154

    The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspeci... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6561

    illumos smbsrv NULL pointer dereference allows system crash.... Read more

    Affected Products : illumos
    • EPSS Score: %0.73
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6286

    The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also kn... Read more

    Affected Products : http-client
    • EPSS Score: %0.70
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6240

    Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %0.13
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6234

    The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.... Read more

    Affected Products : lepton
    • EPSS Score: %0.21
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-5899

    IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.23
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-3625

    Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows una... Read more

    Affected Products : webcenter_content
    • EPSS Score: %0.62
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3522

    Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection component of Oracle PeopleSoft Products (subcomponent: Vendor). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows high privileged attacker with netw... Read more

    • EPSS Score: %0.46
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3151

    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.... Read more

    Affected Products : atlas
    • EPSS Score: %1.02
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3110

    Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.... Read more

    Affected Products : experience_manager
    • EPSS Score: %9.61
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5073

    CloudView NMS before 2.10a has XSS via SNMP.... Read more

    Affected Products : cloudview_nms
    • EPSS Score: %0.30
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5058

    OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.... Read more

    Affected Products : lightify_pro
    • EPSS Score: %0.26
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-2865

    An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigge... Read more

    • EPSS Score: %0.13
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4800

    The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to ba... Read more

    Affected Products : windows jetty
    • EPSS Score: %0.34
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-8999

    In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2645

    In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.... Read more

    Affected Products : moodle
    • EPSS Score: %0.31
    • Published: Mar. 26, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292321 Results