Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-7141

    curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a... Read more

    Affected Products : leap curl libcurl
    • EPSS Score: %0.52
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-7046

    Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.... Read more

    • EPSS Score: %5.48
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6905

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.... Read more

    Affected Products : leap opensuse libgd
    • EPSS Score: %1.09
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-8086

    Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 ro... Read more

    • EPSS Score: %0.03
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2015-8085

    Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 ro... Read more

    • EPSS Score: %0.04
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2015-1832

    XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) v... Read more

    Affected Products : derby
    • EPSS Score: %0.36
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4119

    FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.... Read more

    Affected Products : freerdp freerdp
    • EPSS Score: %1.14
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2013-4118

    FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.... Read more

    Affected Products : leap opensuse freerdp
    • EPSS Score: %1.90
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-7572

    The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.... Read more

    Affected Products : drupal
    • EPSS Score: %0.25
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-7571

    Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.... Read more

    Affected Products : drupal
    • EPSS Score: %0.40
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-7570

    Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.... Read more

    Affected Products : drupal
    • EPSS Score: %0.37
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7405

    The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.... Read more

    Affected Products : fedora php adodb
    • EPSS Score: %3.10
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7401

    The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.... Read more

    Affected Products : ubuntu_linux debian_linux django
    • EPSS Score: %6.63
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7031

    The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.... Read more

    Affected Products : ceph_storage ceph
    • EPSS Score: %0.51
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6494

    The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.... Read more

    Affected Products : fedora mongodb
    • EPSS Score: %0.08
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6352

    The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.... Read more

    Affected Products : ubuntu_linux leap gdk-pixbuf opensuse
    • EPSS Score: %1.78
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-5432

    The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.... Read more

    • EPSS Score: %0.13
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5398

    Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.19
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5019

    CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.... Read more

    Affected Products : myfaces myfaces_trinidad
    • EPSS Score: %6.02
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-1372

    ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.... Read more

    Affected Products : ubuntu_linux clamav
    • EPSS Score: %3.31
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291659 Results