Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2016-9980

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

    Affected Products : curam_social_program_management
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-9725

    IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539....

    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2016-9723

    IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Ref...

    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-9714

    IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB...

    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-9696

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 19999...

    Affected Products : rational_rhapsody_design_manager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2015-3840

    The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission....

    Affected Products : android
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-9456

    Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fi...

    Affected Products : revive_adserver
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2016-9354

    An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption....

    Affected Products : dacenter
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-9279

    Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853....

    Affected Products : exynos_fimg2d_driver
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2015-3220

    The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash)....

    Affected Products : tlslite
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2016-8980

    IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all availab...

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2016-8966

    IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the m...

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2016-8938

    IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications....

    Affected Products : urbancode_deploy
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 7.2

    HIGH
    CVE-2016-8775

    Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or exe...

    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2016-8758

    ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of ...

    Affected Products : mate_8_firmware mate_8
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2016-8585

    admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter....

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-8507

    Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site....

    Affected Products : yandex_browser
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2016-8493

    In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability....

    Affected Products : forticlient
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-8451

    An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privile...

    Affected Products : android linux_kernel
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-8445

    An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi...

    Affected Products : android
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292797 Results