Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-4437

    Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.... Read more

    • Actively Exploited
    • EPSS Score: %94.30
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4436

    Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.... Read more

    Affected Products : struts
    • EPSS Score: %6.12
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4403

    A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.... Read more

    Affected Products : keyview
    • EPSS Score: %12.00
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4391

    A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.... Read more

    Affected Products : arcsight_winc_connector
    • EPSS Score: %41.61
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4368

    HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Com... Read more

    • EPSS Score: %0.59
    • Published: Jun. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4359

    Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch... Read more

    Affected Products : performance_center loadrunner
    • EPSS Score: %28.58
    • Published: Jun. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-41874

    ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing c... Read more

    Affected Products : coldfusion
    • Published: Sep. 13, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2016-4438

    The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.... Read more

    Affected Products : struts
    • EPSS Score: %53.50
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4345

    Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer ... Read more

    Affected Products : php
    • EPSS Score: %0.39
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4336

    An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right ci... Read more

    Affected Products : perceptive_document_filters
    • EPSS Score: %1.27
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14080

    Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.... Read more

    Affected Products : mobile_security
    • EPSS Score: %2.88
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4161

    Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • EPSS Score: %2.36
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4120

    Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • EPSS Score: %2.36
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4121

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... Read more

    • EPSS Score: %3.92
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4024

    Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.... Read more

    Affected Products : debian_linux opensuse imlib2
    • EPSS Score: %9.63
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-32040

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.1... Read more

    Affected Products : fedora freerdp
    • Published: Apr. 22, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2016-3953

    The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.... Read more

    Affected Products : web2py
    • EPSS Score: %1.51
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29943

    An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.... Read more

    Affected Products : firefox
    • Published: Mar. 22, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2016-4000

    Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.... Read more

    Affected Products : debian_linux jython
    • EPSS Score: %15.58
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3821

    libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer d... Read more

    Affected Products : android
    • EPSS Score: %1.40
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292425 Results