Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-3129

    A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.... Read more

    Affected Products : fortiweb
    • EPSS Score: %0.26
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-3031

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.26
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-2992

    IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more

    Affected Products : biginsights
    • EPSS Score: %0.23
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-1560

    ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or ... Read more

    • EPSS Score: %81.67
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-1559

    D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.... Read more

    • EPSS Score: %1.10
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10702

    Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted appl... Read more

    Affected Products : pebble_firmware pebble
    • EPSS Score: %0.22
    • Published: Nov. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10391

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10382

    In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10399

    Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.... Read more

    Affected Products : sendio
    • EPSS Score: %0.28
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10280

    An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged p... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-10304

    The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security No... Read more

    • EPSS Score: %0.89
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10177

    An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %20.06
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-0872

    A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.... Read more

    Affected Products : webdatorcentral
    • EPSS Score: %0.25
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11323

    Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.... Read more

    Affected Products : alzip
    • EPSS Score: %4.23
    • Published: Aug. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14034

    The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application... Read more

    Affected Products : libbpg
    • EPSS Score: %0.52
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-2916

    An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger thi... Read more

    • EPSS Score: %0.44
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-2890

    An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability... Read more

    • EPSS Score: %1.62
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-13985

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.... Read more

    • EPSS Score: %0.45
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-2790

    When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a ... Read more

    Affected Products : ichitaro
    • EPSS Score: %1.18
    • Published: Feb. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5071

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.03
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291659 Results