Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-6033

    IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3694

    Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status paramete... Read more

    Affected Products : ecommerce_shopsoftware
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-0360

    IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 19... Read more

    Affected Products : websphere_mq websphere_mq_jms
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1889

    Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-1888

    The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1883

    The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1881

    The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1880

    The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-10089

    Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.... Read more

    Affected Products : nagios
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-8979

    Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.... Read more

    Affected Products : debian_linux dcmtk
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2013-7459

    Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.... Read more

    Affected Products : fedora pycrypto
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5991

    An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and late... Read more

    Affected Products : debian_linux mupdf
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5990

    An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_incl... Read more

    Affected Products : phreebookserp
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2996

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2995

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2994

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2993

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2992

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2991

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2990

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293512 Results