Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-7560

    The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.... Read more

    Affected Products : fortiwlc
    • EPSS Score: %2.56
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-7435

    The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vecto... Read more

    Affected Products : netweaver
    • EPSS Score: %1.21
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7161

    Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %5.18
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-6652

    SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL comman... Read more

    Affected Products : spring_data_jpa
    • EPSS Score: %0.32
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5745

    F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modif... Read more

    Affected Products : big-ip_local_traffic_manager
    • EPSS Score: %3.89
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4551

    The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.... Read more

    Affected Products : netweaver sap_aba sap_basis
    • EPSS Score: %0.29
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1246

    Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.... Read more

    Affected Products : debian_linux perl dbd-mysql
    • EPSS Score: %1.14
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-8343

    Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : web_scada
    • EPSS Score: %7.94
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-6420

    Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.05
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6419

    SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.... Read more

    • EPSS Score: %0.54
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5983

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %13.76
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5901

    Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.17
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5892

    Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspeci... Read more

    • EPSS Score: %0.17
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5686

    Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.... Read more

    • EPSS Score: %3.01
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5086

    Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.... Read more

    • EPSS Score: %3.01
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5085

    Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.... Read more

    • EPSS Score: %3.20
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5084

    Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.... Read more

    • EPSS Score: %1.72
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-4390

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.... Read more

    Affected Products : keyview
    • EPSS Score: %2.02
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-4389

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.... Read more

    Affected Products : keyview
    • EPSS Score: %2.02
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-4388

    The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.... Read more

    Affected Products : keyview
    • EPSS Score: %2.02
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results