Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-6642

    Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.... Read more

    Affected Products : vipr_srm
    • EPSS Score: %0.07
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-6641

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : vipr_srm
    • EPSS Score: %0.20
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6639

    Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs d... Read more

    • EPSS Score: %0.61
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0930

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period ... Read more

    Affected Products : operations_manager
    • EPSS Score: %0.34
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0929

    The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated b... Read more

    Affected Products : rabbitmq
    • EPSS Score: %0.31
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-0928

    Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • EPSS Score: %0.22
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0927

    Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • EPSS Score: %0.25
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0926

    Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts wit... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • EPSS Score: %0.32
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0923

    The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic p... Read more

    Affected Products : bsafe rsa_bsafe
    • EPSS Score: %0.58
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0922

    EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.... Read more

    Affected Products : vipr_srm
    • EPSS Score: %0.53
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0897

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : operations_manager
    • EPSS Score: %0.48
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0896

    Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging acces... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • EPSS Score: %0.14
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0883

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key ... Read more

    Affected Products : operations_manager
    • EPSS Score: %0.16
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-7419

    Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %0.20
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7418

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrec... Read more

    Affected Products : php
    • EPSS Score: %1.05
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7417

    ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via... Read more

    Affected Products : php
    • EPSS Score: %1.14
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7416

    ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) o... Read more

    Affected Products : php
    • EPSS Score: %1.03
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7415

    Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via... Read more

    • EPSS Score: %2.35
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7414

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly ha... Read more

    Affected Products : php
    • EPSS Score: %0.92
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7413

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that... Read more

    Affected Products : php
    • EPSS Score: %0.86
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291608 Results