Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2016-5298

    A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulne... Read more

    Affected Products : android firefox
    • EPSS Score: %0.67
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5297

    An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %1.91
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5296

    A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %2.57
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-5295

    This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant ... Read more

    Affected Products : firefox windows
    • EPSS Score: %0.08
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5294

    The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerabilit... Read more

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: %0.10
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5293

    When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating sys... Read more

    Affected Products : firefox firefox_esr debian_linux windows
    • EPSS Score: %0.10
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-5292

    During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • EPSS Score: %1.02
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5291

    A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • EPSS Score: %0.04
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5290

    Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu... Read more

    • EPSS Score: %1.97
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5289

    Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • EPSS Score: %2.85
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-5288

    Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.... Read more

    Affected Products : firefox
    • EPSS Score: %0.46
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5287

    A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.... Read more

    Affected Products : firefox
    • EPSS Score: %0.59
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5285

    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.... Read more

    • EPSS Score: %0.65
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-5236

    Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.... Read more

    Affected Products : websafe_alert_server
    • EPSS Score: %0.25
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-5235

    A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert.... Read more

    Affected Products : websafe_alert_server
    • EPSS Score: %0.67
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2016-5202

    browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access d... Read more

    Affected Products : linux_kernel chrome macos windows
    • EPSS Score: %0.14
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-5194

    Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.... Read more

    Affected Products : chrome
    • EPSS Score: %0.25
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-5179

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.... Read more

    Affected Products : chrome_os
    • EPSS Score: %3.35
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4991

    Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve comma... Read more

    Affected Products : nodepdf
    • EPSS Score: %1.24
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-4983

    A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.... Read more

    Affected Products : enterprise_linux leap opensuse dovecot
    • EPSS Score: %0.14
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291806 Results