Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-16868

    In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV fi... Read more

    Affected Products : swftools
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16850

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.... Read more

    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9889

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000... Read more

    Affected Products : irfanview fpx
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3027

    IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8931

    IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.... Read more

    Affected Products : kenexa_lms kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-8999

    IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-0310

    IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.... Read more

    Affected Products : connections
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-9994

    IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Referen... Read more

    Affected Products : kenexa_lcms_premier
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-4950

    Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.... Read more

    Affected Products : manager
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0460

    An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-8479

    An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device co... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8443

    Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185.... Read more

    Affected Products : android linux_kernel
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-5554

    An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot,... Read more

    Affected Products : oxygenos oneplus_3 oneplus_3t
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2016-9039

    An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never free... Read more

    Affected Products : smartos
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3614

    Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.... Read more

    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1002009

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.... Read more

    Affected Products : membership_simplified
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9878

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000... Read more

    Affected Products : irfanview fpx
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-1000226

    Stop User Enumeration 1.3.8 allows user enumeration via the REST API... Read more

    Affected Products : stop_user_enumeration
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1000221

    In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access rest... Read more

    Affected Products : opencast
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000194

    October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.... Read more

    Affected Products : october
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292797 Results