Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2017-3232

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the...

    Affected Products : automatic_service_request
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2017-3230

    Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated ...

    Affected Products : fusion_middleware_mapviewer
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-6917

    Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5....

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-6916

    Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, whi...

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2016-6903

    lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands....

    Affected Products : lshell
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2016-6902

    lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands....

    Affected Products : lshell
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 2.8

    LOW
    CVE-2016-5551

    Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the in...

    Affected Products : solaris_cluster
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2016-5016

    Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does ...

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2011-3438

    WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution....

    Affected Products : safari
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2011-3428

    Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code....

    Affected Products : quicktime
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 4.9

    MEDIUM
    CVE-2010-1776

    Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device....

    Affected Products : iphone_os
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-8105

    FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c....

    Affected Products : debian_linux freetype
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-8104

    In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter....

    Affected Products : mybb
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-8103

    In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event....

    Affected Products : mybb
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-8102

    Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin....

    Affected Products : serendipity
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-8101

    There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request....

    Affected Products : serendipity
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-8100

    There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings....

    Affected Products : copysafe_web_protection
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2017-8099

    There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request....

    Affected Products : whizz whizz
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-8098

    e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker....

    Affected Products : e107
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-7723

    XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body....

    Affected Products : easy_wp_smtp
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293962 Results