Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-9069

    A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • EPSS Score: %0.30
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9068

    A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • EPSS Score: %2.58
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-9067

    Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • EPSS Score: %2.04
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9066

    A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %20.61
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9065

    The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and o... Read more

    Affected Products : android firefox
    • EPSS Score: %0.37
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-9064

    Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinn... Read more

    Affected Products : firefox firefox_esr
    • EPSS Score: %0.27
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9063

    An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox debian_linux python
    • EPSS Score: %1.90
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-9062

    Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operat... Read more

    Affected Products : android firefox
    • EPSS Score: %0.08
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9061

    A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems a... Read more

    Affected Products : android firefox
    • EPSS Score: %0.91
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2016-9048

    Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to tr... Read more

    Affected Products : processmaker
    • EPSS Score: %0.26
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9045

    A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to tri... Read more

    Affected Products : processmaker
    • EPSS Score: %0.24
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-9044

    An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger ... Read more

    Affected Products : webfocus
    • EPSS Score: %0.87
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9043

    An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker c... Read more

    Affected Products : coreldraw
    • EPSS Score: %0.96
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-9042

    An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies f... Read more

    • EPSS Score: %2.53
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2016-9040

    An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a bu... Read more

    Affected Products : smartos
    • EPSS Score: %0.18
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9038

    An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An ... Read more

    Affected Products : invincea-x
    • EPSS Score: %0.03
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9026

    Exponent CMS before 2.6.0 has improper input validation in fileController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.61
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9025

    Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.61
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9023

    Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.61
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9022

    Exponent CMS before 2.6.0 has improper input validation in usersController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.61
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results