Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-9539

    tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.... Read more

    Affected Products : libtiff
    • EPSS Score: %0.42
    • Published: Nov. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-8606

    The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.... Read more

    Affected Products : fedora guile
    • EPSS Score: %0.46
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7993

    A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7950

    The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.... Read more

    Affected Products : fedora libxrender
    • EPSS Score: %0.75
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7937

    The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7932

    The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7927

    The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.92
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7924

    The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.92
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7923

    The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.92
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6795

    In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.... Read more

    Affected Products : struts
    • EPSS Score: %12.48
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6288

    The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.... Read more

    Affected Products : php
    • EPSS Score: %6.64
    • Published: Jul. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5815

    An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the de... Read more

    • EPSS Score: %1.19
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5772

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute ar... Read more

    • EPSS Score: %8.80
    • Published: Aug. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5290

    Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu... Read more

    • EPSS Score: %1.97
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5274

    Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction betwee... Read more

    Affected Products : firefox firefox_esr
    • EPSS Score: %1.52
    • Published: Sep. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2338

    An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as ele... Read more

    Affected Products : ruby debian_linux
    • EPSS Score: %11.84
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2337

    Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.... Read more

    Affected Products : ruby
    • EPSS Score: %1.59
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2148

    Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.... Read more

    Affected Products : ubuntu_linux debian_linux busybox
    • EPSS Score: %15.84
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2074

    Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.... Read more

    Affected Products : openshift openvswitch
    • EPSS Score: %8.55
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2051

    Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    • EPSS Score: %0.30
    • Published: Jan. 25, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291401 Results