Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-9899

    Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

    • EPSS Score: 39.48%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-9898

    Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

    • EPSS Score: 3.45%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-9897

    Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

    • EPSS Score: 4.95%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-9896

    Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1.

    Affected Products: firefox
    • EPSS Score: 2.43%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-9895

    Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

    • EPSS Score: 0.71%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-9894

    A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.

    Affected Products: firefox
    • EPSS Score: 2.83%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-9893

    Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Fi...

    • EPSS Score: 3.55%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-9880

    The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.

    Affected Products: gemfire_for_pivotal_cloud_foundry
    • EPSS Score: 3.91%
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-9778

    An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacke...

    • EPSS Score: 8.62%
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2016-9749

    IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.

    Affected Products: campaign
    • EPSS Score: 0.04%
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2016-9722

    IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.

    • EPSS Score: 31.98%
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-9711

    IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.

    Affected Products: cognos_analytics
    • EPSS Score: 0.19%
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9652

    Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.

    Affected Products: chrome
    • EPSS Score: 1.30%
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-9651

    A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

    • EPSS Score: 53.95%
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-9646

    ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

    Affected Products: debian_linux ikiwiki
    • EPSS Score: 0.26%
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-9645

    The fix for ikiwiki for CVE-2016-10026 was incomplete, resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.

    Affected Products: ikiwiki
    • EPSS Score: 0.16%
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-9606

    JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

    Affected Products: resteasy
    • EPSS Score: 0.77%
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-9605

    A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default instal...

    Affected Products: cobbler cobbler
    • EPSS Score: 0.30%
    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2016-9604

    It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module s...

    Affected Products: linux_kernel
    • EPSS Score: 0.02%
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2016-9603

    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user...

    • EPSS Score: 1.52%
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results