Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2016-6034

    IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-6349

    The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.... Read more

    Affected Products : oci-register-machine
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6519

    Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.... Read more

    Affected Products : openstack manila
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6812

    The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base UR... Read more

    Affected Products : cxf
    • Published: Aug. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-6896

    Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin par... Read more

    Affected Products : wordpress
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7054

    In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.... Read more

    Affected Products : openssl
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-7135

    Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceedito... Read more

    Affected Products : plone
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-7137

    Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2... Read more

    Affected Products : plone
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-7393

    Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.... Read more

    Affected Products : libav
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-7407

    The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.... Read more

    Affected Products : dropbear_ssh
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7521

    Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.... Read more

    Affected Products : imagemagick
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7526

    coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-7585

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thund... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-7603

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-7610

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to exe... Read more

    Affected Products : itunes iphone_os safari icloud
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-7613

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arb... Read more

    Affected Products : mac_os_x iphone_os watchos safari
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-7645

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to exe... Read more

    Affected Products : itunes iphone_os safari icloud
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-7649

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to exe... Read more

    Affected Products : itunes iphone_os safari icloud
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-7658

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a d... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7798

    The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.... Read more

    Affected Products : debian_linux openssl openssl
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293435 Results