Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2016-5710

    NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.... Read more

    Affected Products : snap_creator_framework
    • EPSS Score: %0.14
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5649

    A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, ... Read more

    • EPSS Score: %75.11
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5638

    There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access... Read more

    Affected Products : wndr4500_firmware wndr4500
    • EPSS Score: %1.27
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5431

    The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.... Read more

    Affected Products : php_jose
    • EPSS Score: %0.10
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-5402

    A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME r... Read more

    • EPSS Score: %3.22
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-5397

    The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.... Read more

    Affected Products : thrift
    • EPSS Score: %7.81
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5346

    An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user o... Read more

    Affected Products : android pixel pixel_xl
    • EPSS Score: %0.10
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2016-5345

    Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-5314

    Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by o... Read more

    • EPSS Score: %1.16
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-5311

    A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Prot... Read more

    • EPSS Score: %0.29
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5299

    A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. ... Read more

    Affected Products : android firefox
    • EPSS Score: %0.91
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-5298

    A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulne... Read more

    Affected Products : android firefox
    • EPSS Score: %0.67
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5297

    An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %1.91
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5296

    A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %2.57
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-5295

    This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant ... Read more

    Affected Products : firefox windows
    • EPSS Score: %0.08
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5294

    The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerabilit... Read more

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: %0.10
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5293

    When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating sys... Read more

    Affected Products : firefox firefox_esr debian_linux windows
    • EPSS Score: %0.10
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-5292

    During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • EPSS Score: %1.02
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5291

    A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %0.04
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5290

    Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu... Read more

    • EPSS Score: %1.97
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291737 Results