Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2016-6158

    Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) ...

    • EPSS Score: 0.16%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-5844

    Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

    • EPSS Score: 2.48%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5427

    PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.

    Affected Products: authoritative_server authoritative
    • EPSS Score: 32.02%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5426

    PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.

    Affected Products: authoritative_server authoritative
    • EPSS Score: 2.50%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5418

    The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

    • EPSS Score: 5.22%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-5017

    Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

    Affected Products: zookeeper
    • EPSS Score: 10.58%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-4969

    Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.

    Affected Products: fortiwan
    • EPSS Score: 0.72%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-4968

    The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

    Affected Products: fortiwan
    • EPSS Score: 3.49%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-4967

    Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.

    Affected Products: fortiwan
    • EPSS Score: 1.93%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-4966

    The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.

    Affected Products: fortiwan
    • EPSS Score: 2.28%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-4965

    Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

    Affected Products: fortiwan
    • EPSS Score: 7.70%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4809

    The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

    • EPSS Score: 2.26%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-4302

    Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

    • EPSS Score: 2.34%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-4301

    Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

    Affected Products: libarchive
    • EPSS Score: 1.44%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-4300

    Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer o...

    • EPSS Score: 1.77%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-8871

    Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

    Affected Products: openjpeg debian_linux
    • EPSS Score: 2.73%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-6530

    Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.

    Affected Products: cdr_dicom
    • EPSS Score: 1.61%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-4384

    HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.

    Affected Products: performance_center loadrunner
    • EPSS Score: 3.54%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 8.3

    HIGH
    CVE-2016-4382

    HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.

    Affected Products: performance_center
    • EPSS Score: 0.12%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-0925

    Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authent...

    • EPSS Score: 0.24%
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291641 Results