Latest CVE Feed
-
6.1
MEDIUM CVE-2016-5760
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/ins...
Affected Products: groupwise
- Published: Apr. 20, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGH CVE-2017-6554
pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action....
Affected Products: privilege_manager
- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
8.5
HIGH CVE-2016-1713
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted ...
Affected Products: vtiger_crm
- Published: Apr. 14, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGH CVE-2017-0564
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device c...
Affected Products: linux_kernel
- Published: Apr. 07, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUM CVE-2017-6624
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections comp...
Affected Products: ios
- Published: May. 03, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-6564
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive sys...
- Published: May. 01, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-6054
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information....
Affected Products: blue_link
- Published: Apr. 26, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-3581
Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the...
Affected Products: automatic_service_request
- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
6.2
MEDIUM CVE-2017-2330
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will crea...
Affected Products: northstar_controller
- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
8.6
HIGH CVE-2017-2321
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modificatio...
Affected Products: northstar_controller
- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-4895
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data....
- Published: May. 10, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-9518
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails....
Affected Products: atmail
- Published: Jun. 08, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2016-2192
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own....
Affected Products: pl/java
- Published: Jun. 06, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-9250
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) vi...
Affected Products: jerryscript
- Published: May. 28, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUM CVE-2017-6703
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1....
Affected Products: prime_collaboration_provisioning
- Published: Jul. 04, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2016-3400
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol....
Affected Products: data_ontap
- Published: Jul. 03, 2017
- Modified: Apr. 20, 2025
-
9.1
CRITICAL CVE-2017-2782
An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To ...
Affected Products: matrixssl
- Published: Jun. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-4981
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability....
Affected Products: bsafe_cert-c
- Published: Jun. 14, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-14142
Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) par...
Affected Products: kaltura_server
- Published: Sep. 19, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-14270
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010."...
- Published: Sep. 11, 2017
- Modified: Apr. 20, 2025