Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-5289

    Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.

    Affected Products : firefox
    • EPSS Score: %2.85
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2016-5288

    Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

    Affected Products : firefox
    • EPSS Score: %0.46
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-5287

    A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.

    Affected Products : firefox
    • EPSS Score: %0.59
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-5285

    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

    • EPSS Score: %0.65
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-5236

    Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.

    Affected Products : websafe_alert_server
    • EPSS Score: %0.25
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-5235

    A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert.

    Affected Products : websafe_alert_server
    • EPSS Score: %0.67
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2016-5202

    browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access d...

    Affected Products : linux_kernel chrome macos windows
    • EPSS Score: %0.14
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-5194

    Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.

    Affected Products : chrome
    • EPSS Score: %0.25
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-5179

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.

    Affected Products : chrome_os
    • EPSS Score: %3.35
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-4991

    Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve comma...

    Affected Products : nodepdf
    • EPSS Score: %1.24
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024
  • 3.3

    LOW
    CVE-2016-4983

    A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

    Affected Products : enterprise_linux leap opensuse dovecot
    • EPSS Score: %0.14
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 2.5

    LOW
    CVE-2016-4980

    A password generation weakness exists in xquest through 2016-06-13.

    Affected Products : enterprise_linux fedora xquest
    • EPSS Score: %0.13
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-4975

    Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fi...

    Affected Products : http_server
    • EPSS Score: %86.60
    • Published: Aug. 14, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-4761

    WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS...

    Affected Products : ubuntu_linux webkitgtk+
    • EPSS Score: %0.54
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-4676

    A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.

    Affected Products : mac_os_x safari
    • EPSS Score: %1.78
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-4644

    In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with t...

    Affected Products : iphone_os apple_tv mac_os
    • EPSS Score: %0.45
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-4643

    In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.

    Affected Products : iphone_os apple_tv mac_os
    • EPSS Score: %0.37
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2016-4642

    In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.

    Affected Products : iphone_os apple_tv mac_os
    • EPSS Score: %0.36
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-4606

    Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions.

    Affected Products : curl mac_os_x
    • EPSS Score: %0.22
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-4572

    In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.

    Affected Products : cdh
    • EPSS Score: %0.34
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results