Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-10382

    In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient....

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-10399

    Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL....

    Affected Products : sendio
    • EPSS Score: %0.28
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-10280

    An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged p...

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-10304

    The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security No...

    • EPSS Score: %0.89
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-10177

    An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234....

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %20.06
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-0872

    A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext....

    Affected Products : webdatorcentral
    • EPSS Score: %0.25
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-11323

    Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename....

    Affected Products : alzip
    • EPSS Score: %4.23
    • Published: Aug. 19, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14034

    The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application...

    Affected Products : libbpg
    • EPSS Score: %0.52
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2017-2916

    An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger thi...

    • EPSS Score: %0.44
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2017-2890

    An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...

    • EPSS Score: %1.62
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-13985

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to traverse directories, leading to disclosure of information....

    • EPSS Score: %0.45
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-2790

    When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a ...

    Affected Products : ichitaro
    • EPSS Score: %1.18
    • Published: Feb. 24, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-5071

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root....

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.03
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7398

    D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF). This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing t...

    • EPSS Score: %0.33
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025
  • 8.0

    HIGH
    CVE-2015-0864

    Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code....

    Affected Products : galaxy_app samsung_account_app
    • EPSS Score: %0.33
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-0554

    An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capa...

    Affected Products : android
    • EPSS Score: %0.76
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
  • 8.0

    HIGH
    CVE-2015-8356

    Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xl...

    Affected Products : bitrix
    • EPSS Score: %2.55
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025
  • 8.4

    HIGH
    CVE-2017-3582

    Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). Supported versions that are affected are 2.3.8 and 2.3.13. Easily "exploitable" vulnerability allows unauthen...

    Affected Products : supercluster_specific_software
    • EPSS Score: %0.20
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-13670

    In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file....

    Affected Products : blackcat_cms
    • EPSS Score: %0.13
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1348

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.27
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291638 Results