Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2016-10334

    In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.

    Affected Products : android
    • EPSS Score: 0.08%
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2014-0121

    The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

    Affected Products : hawtio jboss_fuse
    • EPSS Score: 1.53%
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2014-0115

    Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

    Affected Products : storm
    • EPSS Score: 0.66%
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2014-0073

    The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers,...

    Affected Products : cordova cordova_in-app-browser
    • EPSS Score: 11.44%
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2016-10297

    In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.

    Affected Products : android
    • EPSS Score: 0.03%
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2014-0043

    In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is ...

    Affected Products : wicket
    • EPSS Score: 0.79%
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2013-7430

    Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter.

    Affected Products : googlemaps
    • EPSS Score: 0.26%
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-10181

    An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: 12.07%
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-6601

    Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

    Affected Products : webnms_framework
    • EPSS Score: 92.78%
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025
  • 8.6

    HIGH
    CVE-2016-6560

    illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.

    Affected Products : illumos
    • EPSS Score: 0.48%
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2017-3812

    A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory l...

    • EPSS Score: 0.69%
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2013-6648

    SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).

    Affected Products : skia
    • EPSS Score: 0.38%
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-6287

    The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an...

    Affected Products : http-client
    • EPSS Score: 0.70%
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2016-6270

    The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to a...

    Affected Products : virtual_mobile_infrastructure
    • EPSS Score: 8.44%
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-6268

    Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.

    Affected Products : smart_protection_server
    • EPSS Score: 0.08%
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-3933

    Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.

    Affected Products : network_data_loss_prevention
    • EPSS Score: 0.18%
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 4.9

    MEDIUM
    CVE-2016-6246

    OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.

    Affected Products : openbsd openbsd
    • EPSS Score: 0.05%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2016-6242

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.

    Affected Products : openbsd openbsd
    • EPSS Score: 0.04%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-6177

    The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays.

    • EPSS Score: 0.20%
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2016-6060

    An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.

    • EPSS Score: 0.20%
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291638 Results