Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2016-4032

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not bloc... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-4031

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attac... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-4030

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have uninte... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-2567

    secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by th... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2566

    Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.... Read more

    Affected Products : galaxy_s6_firmware galaxy_s6
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-2565

    Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.... Read more

    Affected Products : galaxy_s6_firmware galaxy_s6
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-2036

    The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a ... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10326

    In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.... Read more

    Affected Products : osip
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10325

    In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.... Read more

    Affected Products : osip
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10324

    In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.... Read more

    Affected Products : osip
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.9

    MEDIUM
    CVE-2015-8780

    Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.... Read more

    Affected Products : kies
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-7921

    mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.... Read more

    Affected Products : android
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-7920

    mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.... Read more

    Affected Products : android
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2010-1821

    Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2010-1816

    Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-7219

    A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6143

    SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.... Read more

    Affected Products : hana
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4970

    handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4800

    The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to ba... Read more

    Affected Products : windows jetty
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4068

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.... Read more

    Affected Products : leap opensuse webmail roundcube_webmail
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293679 Results