Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-8511

    A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.... Read more

    Affected Products : network_automation
    • EPSS Score: %19.67
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7630

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.48
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7398

    A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via c... Read more

    Affected Products : ext-http
    • EPSS Score: %3.20
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-54534

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.... Read more

    • Published: Dec. 12, 2024
    • Modified: Apr. 19, 2025

  • 9.8

    CRITICAL
    CVE-2016-7115

    Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.... Read more

    Affected Products : mac-telnet
    • EPSS Score: %1.22
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6809

    Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.... Read more

    Affected Products : tika nutch
    • EPSS Score: %9.27
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6087

    IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.... Read more

    Affected Products : domino
    • EPSS Score: %1.43
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5873

    Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.... Read more

    Affected Products : pecl_http
    • EPSS Score: %5.06
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5531

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %1.78
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5336

    VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : vrealize_automation
    • EPSS Score: %1.93
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-5594

    Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.... Read more

    • EPSS Score: %0.33
    • Published: Jun. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5100

    Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.... Read more

    Affected Products : froxlor
    • EPSS Score: %0.29
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-10335

    A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injectio... Read more

    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-10871

    The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitr... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2016-4368

    HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Com... Read more

    • EPSS Score: %0.59
    • Published: Jun. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4345

    Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer ... Read more

    Affected Products : php
    • EPSS Score: %0.68
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4322

    BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.... Read more

    • EPSS Score: %3.29
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3957

    The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.... Read more

    Affected Products : web2py
    • EPSS Score: %12.74
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-3953

    The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.... Read more

    Affected Products : web2py
    • EPSS Score: %1.51
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-3154

    The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized obj... Read more

    Affected Products : spip
    • EPSS Score: %1.24
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291969 Results