Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-3109

    The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : shopware
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3067

    Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.... Read more

    Affected Products : cygwin
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-2433

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.... Read more

    Affected Products : android
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-2347

    Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.... Read more

    Affected Products : debian_linux leap opensuse lhasa
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2173

    org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-1561

    ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-1560

    ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or ... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1520

    The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1519

    The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-1518

    The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive infor... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1221

    Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : jetstar
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1210

    The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : 105_bank
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1198

    Photopt for Android before 2.0.1 does not verify SSL certificates.... Read more

    Affected Products : photopt
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-1187

    Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.... Read more

    Affected Products : kunai
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1186

    Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.... Read more

    Affected Products : kintone
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8051

    Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.... Read more

    Affected Products : appliance
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8050

    Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.... Read more

    Affected Products : appliance
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-7994

    The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6519

    Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.... Read more

    Affected Products : openstack manila
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-1559

    D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294299 Results