Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2016-1240

    The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java pac...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 20.66%
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.3

    HIGH
    CVE-2016-5995

    Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program....

    Affected Products : linux_kernel aix hp-ux db2 db2_connect
    • EPSS Score: 0.05%
    • Published: Oct. 01, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5986

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified...

    Affected Products : websphere_application_server
    • EPSS Score: 0.44%
    • Published: Oct. 01, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-3042

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients....

    Affected Products : websphere_application_server
    • EPSS Score: 0.20%
    • Published: Oct. 01, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-0617

    Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors....

    Affected Products : linux linux
    • EPSS Score: 0.06%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-6651

    The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1....

    • EPSS Score: 0.58%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-6647

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : vipr_srm
    • EPSS Score: 0.18%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2016-6637

    Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x befor...

    • EPSS Score: 0.12%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-6636

    The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x ...

    • EPSS Score: 0.24%
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-4386

    HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors....

    Affected Products : network_automation
    • EPSS Score: 0.05%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4385

    The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC...

    Affected Products : network_automation
    • EPSS Score: 4.91%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-7090

    The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its t...

    • EPSS Score: 0.50%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-5176

    Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors....

    Affected Products : chrome
    • EPSS Score: 0.21%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-5062

    The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans....

    Affected Products : aternity
    • EPSS Score: 0.48%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-5061

    Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page....

    Affected Products : aternity
    • EPSS Score: 0.30%
    • Published: Sep. 29, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-7568

    Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecifie...

    Affected Products : debian_linux php libgd
    • EPSS Score: 1.06%
    • Published: Sep. 28, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-7191

    The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token....

    Affected Products : azure_active_directory_passport
    • EPSS Score: 10.51%
    • Published: Sep. 28, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-2776

    buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query...

    Affected Products : hp-ux linux solaris bind vm_server
    • EPSS Score: 90.73%
    • Published: Sep. 28, 2016
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2016-7498

    OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exist...

    Affected Products : compute compute_(nova)
    • EPSS Score: 2.25%
    • Published: Sep. 27, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-7444

    The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via ...

    Affected Products : gnutls axc_f_2152_firmware
    • EPSS Score: 0.75%
    • Published: Sep. 27, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291659 Results