Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-0922

    EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.... Read more

    Affected Products : vipr_srm
    • EPSS Score: %0.53
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0897

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : operations_manager
    • EPSS Score: %0.48
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0896

    Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging acces... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • EPSS Score: %0.14
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0883

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key ... Read more

    Affected Products : operations_manager
    • EPSS Score: %0.16
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-7419

    Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %0.20
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7418

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrec... Read more

    Affected Products : php
    • EPSS Score: %1.05
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7417

    ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via... Read more

    Affected Products : php
    • EPSS Score: %1.14
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7416

    ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) o... Read more

    Affected Products : php
    • EPSS Score: %1.03
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7415

    Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via... Read more

    • EPSS Score: %2.35
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7414

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly ha... Read more

    Affected Products : php
    • EPSS Score: %0.92
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7413

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that... Read more

    Affected Products : php
    • EPSS Score: %0.86
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-7412

    ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspeci... Read more

    Affected Products : php
    • EPSS Score: %1.33
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7411

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that referen... Read more

    Affected Products : php
    • EPSS Score: %0.76
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-6644

    EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.... Read more

    Affected Products : documentum_d2
    • EPSS Score: %0.49
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1482

    Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.70
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6938

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary ... Read more

    • EPSS Score: %1.94
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6937

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • EPSS Score: %1.85
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6407

    Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.... Read more

    Affected Products : web_security_appliance
    • EPSS Score: %1.20
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2016-6401

    Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.... Read more

    Affected Products : carrier_routing_system
    • EPSS Score: %0.85
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2016-5843

    Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.... Read more

    Affected Products : faq
    • EPSS Score: %1.10
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291659 Results