Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2015-1000002

    Open Proxy in filedownload v1.4 wordpress plugin... Read more

    Affected Products : filedownload
    • EPSS Score: %3.09
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-1000001

    Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin... Read more

    Affected Products : fast-image-adder
    • EPSS Score: %7.84
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-1000000

    Remote file upload vulnerability in mailcwp v1.99 wordpress plugin... Read more

    Affected Products : mailcwp
    • EPSS Score: %10.09
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6653

    The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.... Read more

    Affected Products : cloud_foundry_cf_mysql
    • EPSS Score: %0.30
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6436

    Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.... Read more

    Affected Products : hostscan_engine
    • EPSS Score: %0.25
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6435

    The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.... Read more

    • EPSS Score: %55.03
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6434

    Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.... Read more

    • EPSS Score: %0.38
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-6433

    The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.... Read more

    • EPSS Score: %72.60
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6428

    Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.... Read more

    Affected Products : ios_xr
    • EPSS Score: %0.08
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-6427

    Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, a... Read more

    • EPSS Score: %0.13
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6425

    Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL,... Read more

    • EPSS Score: %0.30
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6424

    The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.... Read more

    • EPSS Score: %0.68
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6422

    Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that sho... Read more

    Affected Products : ios
    • EPSS Score: %0.21
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6027

    The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify da... Read more

    Affected Products : sterling_secure_proxy
    • EPSS Score: %0.24
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-6026

    The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.... Read more

    Affected Products : sterling_secure_proxy
    • EPSS Score: %0.07
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-6025

    The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involvi... Read more

    Affected Products : sterling_secure_proxy
    • EPSS Score: %0.20
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6023

    Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.... Read more

    Affected Products : sterling_secure_proxy
    • EPSS Score: %0.22
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-1454

    Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP... Read more

    • EPSS Score: %1.40
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1453

    Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.... Read more

    Affected Products : nx-os nx-os
    • EPSS Score: %26.08
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-6393

    Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent... Read more

    • EPSS Score: %0.99
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291717 Results