Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2017-7323

    The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack ... Read more

    Affected Products : modx_revolution
    • EPSS Score: %1.20
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7258

    HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Pat... Read more

    Affected Products : emli
    • EPSS Score: %2.68
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7243

    Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.... Read more

    Affected Products : tinydtls
    • EPSS Score: %0.76
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-2567

    secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by th... Read more

    • EPSS Score: %0.08
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-2565

    Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.... Read more

    Affected Products : galaxy_s6_firmware galaxy_s6
    • EPSS Score: %0.08
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-3498

    The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.... Read more

    Affected Products : ansible
    • EPSS Score: %0.55
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2336

    Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.... Read more

    Affected Products : ruby
    • EPSS Score: %1.46
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-6873

    A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/... Read more

    • EPSS Score: %0.19
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6823

    Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %6.84
    • Published: Mar. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6781

    A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the ro... Read more

    Affected Products : policy_suite
    • EPSS Score: %0.05
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6700

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.35
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6643

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected soft... Read more

    Affected Products : remote_expert_manager
    • EPSS Score: %0.37
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-8589

    log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.... Read more

    Affected Products : threat_discovery_appliance
    • EPSS Score: %3.54
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6560

    XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.... Read more

    Affected Products : agora-project
    • EPSS Score: %0.23
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6509

    Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter).... Read more

    Affected Products : burgundy-cms
    • EPSS Score: %0.24
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6490

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrow... Read more

    Affected Products : epesi
    • EPSS Score: %0.21
    • Published: Mar. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6487

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.ph... Read more

    Affected Products : epesi
    • EPSS Score: %0.21
    • Published: Mar. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-8446

    An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8439

    Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.59
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6411

    Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.... Read more

    Affected Products : dsl-2730u_firmware dsl-2730u
    • EPSS Score: %2.26
    • Published: Mar. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291634 Results