Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2016-9964

    redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.... Read more

    Affected Products : debian_linux bottle
    • EPSS Score: %1.09
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9838

    An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and res... Read more

    Affected Products : joomla\!
    • EPSS Score: %2.87
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9837

    An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly ac... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.01
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-6657

    An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops M... Read more

    • EPSS Score: %0.19
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-6656

    An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have super... Read more

    Affected Products : greenplum
    • EPSS Score: %0.43
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2016-3129

    A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS... Read more

    Affected Products : good_enterprise_mobility_server
    • EPSS Score: %1.93
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2013-1430

    An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key... Read more

    Affected Products : debian_linux xrdp
    • EPSS Score: %0.35
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9566

    base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.... Read more

    Affected Products : nagios
    • EPSS Score: %9.60
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9565

    MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incom... Read more

    Affected Products : nagios
    • EPSS Score: %21.87
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6574

    The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.... Read more

    • EPSS Score: %0.74
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-3271

    Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.... Read more

    Affected Products : tika
    • EPSS Score: %0.27
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-7892

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.... Read more

    • Actively Exploited
    • EPSS Score: %23.36
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-7891

    Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.... Read more

    Affected Products : windows robohelp
    • EPSS Score: %0.99
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-7890

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.... Read more

    • EPSS Score: %0.48
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7889

    Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.... Read more

    Affected Products : digital_editions
    • EPSS Score: %8.62
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-7888

    Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak.... Read more

    Affected Products : digital_editions
    • EPSS Score: %2.70
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7887

    Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.... Read more

    • EPSS Score: %8.62
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7886

    Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : macos windows indesign indesign_server
    • EPSS Score: %9.92
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-7885

    Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.... Read more

    Affected Products : experience_manager
    • EPSS Score: %1.18
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-7884

    Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.... Read more

    Affected Products : experience_manager
    • EPSS Score: %1.32
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292511 Results