Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-5208

    Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via ... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5207

    In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code executi... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5206

    The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5205

    Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5204

    Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5203

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5201

    A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5200

    V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5199

    An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit ... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5198

    V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to cod... Read more

    • Actively Exploited
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5197

    The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5196

    The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those ... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9680

    Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.... Read more

    Affected Products : provisioning_services
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9679

    Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.... Read more

    Affected Products : provisioning_services
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9678

    Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : provisioning_services
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-9677

    Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.... Read more

    Affected Products : provisioning_services
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9676

    Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : provisioning_services
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6497

    main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.... Read more

    Affected Products : groovy groovy_ldap
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6283

    Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.... Read more

    Affected Products : confluence
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6271

    The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.... Read more

    Affected Products : bzrtp
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293168 Results