Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-8542

    An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify th... Read more

    Affected Products : ox_guard
    • EPSS Score: %0.16
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-3685

    SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in th... Read more

    Affected Products : macos windows download_manager
    • EPSS Score: %0.05
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-3684

    SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.... Read more

    Affected Products : macos windows download_manager
    • EPSS Score: %0.07
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-8241

    XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.... Read more

    • EPSS Score: %0.32
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-4443

    Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1000156

    Mailcwp remote file upload vulnerability incomplete fix v1.100... Read more

    Affected Products : mailcwp
    • EPSS Score: %16.39
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9035

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • EPSS Score: %0.06
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9034

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • EPSS Score: %0.06
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9033

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • EPSS Score: %0.06
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-9032

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an ... Read more

    Affected Products : smartos
    • EPSS Score: %0.06
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9031

    An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an... Read more

    Affected Products : smartos
    • EPSS Score: %0.17
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-8733

    An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an... Read more

    Affected Products : smartos
    • EPSS Score: %0.17
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6277

    NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, ... Read more

    • Actively Exploited
    • EPSS Score: %94.28
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9215

    A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.... Read more

    Affected Products : ios_xr carrier_routing_system
    • EPSS Score: %0.07
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9214

    Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CS... Read more

    Affected Products : identity_services_engine_software
    • EPSS Score: %0.35
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9212

    A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or ... Read more

    Affected Products : web_security_appliance
    • EPSS Score: %0.88
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9211

    A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases... Read more

    • EPSS Score: %1.65
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9210

    A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Rel... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %2.28
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-9209

    A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Applia... Read more

    • EPSS Score: %0.30
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-9208

    A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected ... Read more

    Affected Products : emergency_responder
    • EPSS Score: %1.01
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292387 Results