Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-7551

    chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).... Read more

    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6727

    The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.... Read more

    Affected Products : android
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6726

    Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.... Read more

    Affected Products : android
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8256

    Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.... Read more

    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2016-4874

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4873

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4872

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-4871

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4870

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-4869

    Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4868

    Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4867

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2016-4866

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2016-4865

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.... Read more

    Affected Products : office
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7891

    sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.... Read more

    Affected Products : sourcebans-pp
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7889

    The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restric... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-7885

    Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_di... Read more

    Affected Products : jbig2dec
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7615

    MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.... Read more

    Affected Products : mantisbt
    • Published: Apr. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7882

    LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.... Read more

    Affected Products : libreoffice
    • Published: Apr. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7881

    BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modul... Read more

    Affected Products : bigtree_cms
    • Published: Apr. 15, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293684 Results