Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-8329

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated att... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.50
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8310

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnera... Read more

    Affected Products : flexcube_universal_banking
    • EPSS Score: %0.65
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-2246

    The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.... Read more

    Affected Products : p7-l10_firmware p7-l10
    • EPSS Score: %0.09
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-8011

    Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.... Read more

    Affected Products : endpoint_security_web_control
    • EPSS Score: %0.30
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-7835

    Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.... Read more

    Affected Products : h2o h2o
    • EPSS Score: %3.16
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7400

    Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, o... Read more

    Affected Products : exponent_cms
    • EPSS Score: %18.22
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2016-7060

    The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.... Read more

    Affected Products : quickstart_cloud_installer
    • EPSS Score: %0.08
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6916

    Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, whi... Read more

    • EPSS Score: %0.05
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6103

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.15
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6095

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.39
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-6772

    An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. ... Read more

    Affected Products : android
    • EPSS Score: %1.44
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6522

    Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %0.08
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-0238

    selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.04
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-6269

    Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt... Read more

    Affected Products : smart_protection_server
    • EPSS Score: %1.85
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6244

    The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %1.05
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6062

    IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t... Read more

    Affected Products : resilient
    • EPSS Score: %0.24
    • Published: Feb. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6031

    IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ... Read more

    • EPSS Score: %0.23
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6033

    IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995... Read more

    • EPSS Score: %0.15
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6000

    IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.24
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-5854

    In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Aug. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292628 Results