Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2016-2971

    IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.... Read more

    Affected Products : sametime
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-0765

    Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.... Read more

    Affected Products : eshop_plugin
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0398

    An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Produc... Read more

    Affected Products : android
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3151

    Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attacker... Read more

    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8398

    Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.... Read more

    Affected Products : android linux_kernel
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-8480

    An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first re... Read more

    Affected Products : android linux_kernel
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-8420

    An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2016-6092

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.... Read more

    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2016-8942

    IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6030

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-0394

    IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6604

    NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.... Read more

    Affected Products : android exynos_fimg2d
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6077

    ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.... Read more

    Affected Products : dgn2200_firmware dgn2200
    • Actively Exploited
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5585

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to con... Read more

    Affected Products : documentum_content_server
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-9684

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for p... Read more

    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-3837

    An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of con... Read more

    Affected Products : meeting_server
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6056

    It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a C... Read more

    Affected Products : ubuntu_linux debian_linux
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-8968

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5141

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the ... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-8377

    An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an ex... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292835 Results