Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2016-7035

    An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to exe...

    • EPSS Score: %0.10
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-6918

    Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (...

    Affected Products : markvision_enterprise
    • EPSS Score: %1.10
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-6814

    When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an...

    Affected Products : enterprise_linux_server groovy
    • EPSS Score: %4.12
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-6813

    Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset t...

    Affected Products : cloudstack
    • EPSS Score: %1.53
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-6810

    In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation....

    Affected Products : activemq
    • EPSS Score: %1.79
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2016-6658

    Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the ...

    • EPSS Score: %0.31
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-6599

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database ...

    Affected Products : track-it\!
    • EPSS Score: %33.37
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6598

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. ...

    Affected Products : track-it\!
    • EPSS Score: %36.87
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2016-6593

    A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code....

    Affected Products : vip_access_desktop
    • EPSS Score: %0.34
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2016-6592

    A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote u...

    Affected Products : norton_download_manager
    • EPSS Score: %0.61
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2016-6591

    A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions....

    Affected Products : norton_app_lock
    • EPSS Score: %0.07
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2016-6590

    A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualizati...

    • EPSS Score: %0.06
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-6589

    A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0....

    Affected Products : it_management_suite
    • EPSS Score: %0.77
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-6588

    A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0....

    Affected Products : it_management_suite
    • EPSS Score: %0.47
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-6587

    An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information....

    Affected Products : norton_mobile_security
    • EPSS Score: %0.13
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2016-6586

    A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist....

    Affected Products : norton_mobile_security
    • EPSS Score: %0.84
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-6585

    A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript....

    Affected Products : norton_mobile_security
    • EPSS Score: %0.94
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-6578

    CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced ...

    Affected Products : filecloud
    • EPSS Score: %0.10
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6567

    SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify tha...

    Affected Products : resident_download_manager
    • EPSS Score: %1.25
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-6566

    The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POS...

    Affected Products : etrakit3
    • EPSS Score: %14.22
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291638 Results