Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-7617

    Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan func... Read more

    Affected Products : asterisk certified_asterisk
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7616

    Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operati... Read more

    Affected Products : linux_kernel
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6190

    Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.... Read more

    Affected Products : dwr-116_firmware dwr-116 dwr-116a1
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6605

    Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.... Read more

    Affected Products : cdh
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10321

    web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.... Read more

    Affected Products : web2py
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-10304

    The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security No... Read more

    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-8378

    In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.... Read more

    Affected Products : keepassx
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6534

    Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.... Read more

    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5682

    Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.... Read more

    Affected Products : swagger-ui
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-5642

    Opmantek NMIS before 8.5.12G has XSS via SNMP.... Read more

    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5078

    Paessler PRTG before 16.2.24.4045 has XSS via SNMP.... Read more

    Affected Products : prtg_network_monitor
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5077

    Netikus EventSentry before 3.2.1.44 has XSS via SNMP.... Read more

    Affected Products : eventsentry
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5076

    CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.... Read more

    Affected Products : cloudview_nms
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5075

    CloudView NMS before 2.10a has XSS via a TELNET login.... Read more

    Affected Products : cloudview_nms
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5074

    CloudView NMS before 2.10a has a format string issue exploitable over SNMP.... Read more

    Affected Products : cloudview_nms
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5073

    CloudView NMS before 2.10a has XSS via SNMP.... Read more

    Affected Products : cloudview_nms
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5072

    OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9... Read more

    Affected Products : oxid_eshop
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5071

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.... Read more

    Affected Products : aleos_firmware gx_440
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5070

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.... Read more

    Affected Products : aleos_firmware gx_440
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5069

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.... Read more

    Affected Products : aleos_firmware gx_440
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293669 Results