Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-5287

    A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5285

    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.... Read more

    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-5236

    Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.... Read more

    Affected Products : websafe_alert_server
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-5235

    A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert.... Read more

    Affected Products : websafe_alert_server
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2016-5202

    browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access d... Read more

    Affected Products : linux_kernel chrome macos windows
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-5194

    Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.... Read more

    Affected Products : chrome
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-5179

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.... Read more

    Affected Products : chrome_os
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4991

    Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve comma... Read more

    Affected Products : nodepdf
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-4983

    A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.... Read more

    Affected Products : enterprise_linux leap opensuse dovecot
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2016-4980

    A password generation weakness exists in xquest through 2016-06-13.... Read more

    Affected Products : enterprise_linux fedora xquest
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-4975

    Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fi... Read more

    Affected Products : http_server
    • Published: Aug. 14, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-4761

    WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS... Read more

    Affected Products : ubuntu_linux webkitgtk\+
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-4676

    A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.... Read more

    Affected Products : mac_os_x safari
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-4644

    In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with t... Read more

    Affected Products : iphone_os apple_tv mac_os
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-4643

    In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.... Read more

    Affected Products : iphone_os apple_tv mac_os
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-4642

    In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.... Read more

    Affected Products : iphone_os apple_tv mac_os
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4606

    Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions.... Read more

    Affected Products : curl mac_os_x
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-4572

    In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.... Read more

    Affected Products : cdh
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-4427

    In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.... Read more

    Affected Products : zulip
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-4426

    In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.... Read more

    Affected Products : zulip
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293171 Results