Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2016-4966

    The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.... Read more

    Affected Products : fortiwan
    • EPSS Score: %2.28
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-4965

    Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.... Read more

    Affected Products : fortiwan
    • EPSS Score: %7.70
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4809

    The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.... Read more

    • EPSS Score: %2.26
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4302

    Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.... Read more

    • EPSS Score: %2.34
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4301

    Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.... Read more

    Affected Products : libarchive
    • EPSS Score: %1.44
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4300

    Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer o... Read more

    • EPSS Score: %1.77
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8871

    Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : openjpeg debian_linux
    • EPSS Score: %2.73
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6530

    Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.... Read more

    Affected Products : cdr_dicom
    • EPSS Score: %1.61
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-4384

    HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : performance_center loadrunner
    • EPSS Score: %3.54
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 8.3

    HIGH
    CVE-2016-4382

    HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.... Read more

    Affected Products : performance_center
    • EPSS Score: %0.12
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0925

    Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authent... Read more

    • EPSS Score: %0.24
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2016-0921

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.... Read more

    Affected Products : avamar_server
    • EPSS Score: %0.10
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0920

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.... Read more

    Affected Products : avamar_server
    • EPSS Score: %0.13
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0917

    The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does n... Read more

    • EPSS Score: %4.13
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-0905

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.... Read more

    Affected Products : avamar_server
    • EPSS Score: %0.21
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-0904

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain se... Read more

    Affected Products : avamar_server
    • EPSS Score: %0.31
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-0903

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.... Read more

    Affected Products : avamar_server
    • EPSS Score: %0.63
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2015-8960

    The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client sec... Read more

    • EPSS Score: %0.36
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6802

    Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.... Read more

    Affected Products : shiro
    • EPSS Score: %9.91
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6662

    Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local us... Read more

    • EPSS Score: %89.17
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results