Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-8919

    The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.... Read more

    • EPSS Score: %6.37
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8918

    The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."... Read more

    • EPSS Score: %2.04
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8917

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.... Read more

    Affected Products : ubuntu_linux debian_linux libarchive
    • EPSS Score: %5.59
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8916

    bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file... Read more

    Affected Products : ubuntu_linux debian_linux libarchive
    • EPSS Score: %0.90
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-8915

    bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.... Read more

    Affected Products : libarchive
    • EPSS Score: %0.44
    • Published: Sep. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6537

    AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these ... Read more

    Affected Products : eh6108h\+_firmware eh6108h\+
    • EPSS Score: %0.23
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6536

    The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.... Read more

    Affected Products : eh6108h\+_firmware eh6108h\+
    • EPSS Score: %0.80
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6535

    AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.... Read more

    Affected Products : eh6108h\+_firmware eh6108h\+
    • EPSS Score: %0.73
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6415

    The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security ... Read more

    Affected Products : ios_xe ios ios_xr
    • Actively Exploited
    • EPSS Score: %92.95
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-5814

    Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS... Read more

    • EPSS Score: %0.29
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4860

    Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change val... Read more

    Affected Products : stardom_opc_server stardom_fcn\/fcj
    • EPSS Score: %0.92
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4526

    ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.... Read more

    Affected Products : tracer_sc
    • EPSS Score: %0.06
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-1483

    Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.51
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0870

    The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.... Read more

    Affected Products : tracer_sc_firmware tracer_sc
    • EPSS Score: %0.42
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-6405

    Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.... Read more

    Affected Products : fog_director
    • EPSS Score: %0.18
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6404

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.... Read more

    Affected Products : ios
    • EPSS Score: %0.30
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-6403

    The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.... Read more

    Affected Products : ios
    • EPSS Score: %0.56
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6402

    UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.... Read more

    • EPSS Score: %0.08
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-4749

    Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-4747

    Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.17
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291717 Results