Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-6818

    SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS comma... Read more

    Affected Products : business_intelligence_platform
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7725

    concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domai... Read more

    Affected Products : concrete_cms concrete5
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-7834

    SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-E... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-4899

    The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.... Read more

    Affected Products : novabackup_datacenter
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-4898

    The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.... Read more

    Affected Products : novabackup_datacenter
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-1155

    HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.... Read more

    Affected Products : android
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-8619

    The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).... Read more

    Affected Products : debian_linux qemu
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2015-8567

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-8345

    The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.... Read more

    Affected Products : debian_linux qemu
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-4646

    (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.... Read more

    Affected Products : squashfs
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2015-2947

    KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.... Read more

    Affected Products : kancolleviewer
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-3887

    Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incompl... Read more

    Affected Products : rockdisk_firmware rockdisk
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2013-6662

    Google Chrome caches TLS sessions before certificate validation occurs.... Read more

    Affected Products : chrome
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2013-6648

    SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).... Read more

    Affected Products : skia
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2012-1301

    The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.... Read more

    Affected Products : umbraco_cms
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7854

    The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.... Read more

    Affected Products : radare2
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7853

    In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.... Read more

    Affected Products : osip
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2016-4032

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not bloc... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-4031

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attac... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-4030

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have uninte... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293656 Results