Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2015-8950

    arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggerin... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.15
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2015-0572

    Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1000007

    Pagure 2.2.1 XSS in raw file endpoint... Read more

    Affected Products : pagure
    • EPSS Score: %0.24
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1000003

    Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.... Read more

    Affected Products : mirror_manager
    • EPSS Score: %2.60
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-1000001

    flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect... Read more

    Affected Products : flask-oidc
    • EPSS Score: %0.18
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2016-7777

    Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hyperv... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7424

    The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.... Read more

    Affected Products : debian_linux libav
    • EPSS Score: %0.24
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7167

    Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-b... Read more

    Affected Products : fedora curl libcurl
    • EPSS Score: %2.27
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-7040

    Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the abil... Read more

    Affected Products : cloudforms_management_engine
    • EPSS Score: %0.64
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6323

    The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as ... Read more

    Affected Products : fedora opensuse glibc
    • EPSS Score: %1.13
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6273

    The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to ... Read more

    Affected Products : license_server license_server_vpx
    • EPSS Score: %1.67
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-3699

    The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the... Read more

    Affected Products : linux_kernel enterprise_mrg linux
    • EPSS Score: %0.04
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7363

    Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote adminis... Read more

    • EPSS Score: %0.33
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5162

    The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consum... Read more

    Affected Products : glance nova cinder glance
    • EPSS Score: %3.20
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-2080

    The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.... Read more

    Affected Products : fedora jetty
    • EPSS Score: %92.09
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1000217

    Zotpress plugin for WordPress SQLi in zp_get_account()... Read more

    Affected Products : zotpress zotpress
    • EPSS Score: %11.40
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1000125

    Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla... Read more

    Affected Products : huge-it_catalog catalog
    • EPSS Score: %2.25
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1000124

    Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6... Read more

    Affected Products : portfolio_gallery
    • EPSS Score: %2.27
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1000123

    Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla... Read more

    Affected Products : video_gallery
    • EPSS Score: %6.45
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1000114

    XSS in huge IT gallery v1.1.5 for Joomla... Read more

    Affected Products : image_gallery gallery
    • EPSS Score: %0.23
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results