Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-7416

    ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) o... Read more

    Affected Products : php
    • EPSS Score: %1.03
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7415

    Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via... Read more

    • EPSS Score: %2.35
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7414

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly ha... Read more

    Affected Products : php
    • EPSS Score: %0.92
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7413

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that... Read more

    Affected Products : php
    • EPSS Score: %0.86
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-7412

    ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspeci... Read more

    Affected Products : php
    • EPSS Score: %1.33
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7411

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that referen... Read more

    Affected Products : php
    • EPSS Score: %0.76
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-6644

    EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.... Read more

    Affected Products : documentum_d2
    • EPSS Score: %0.49
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1482

    Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.70
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6938

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary ... Read more

    • EPSS Score: %1.94
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6937

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • EPSS Score: %1.85
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6407

    Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.... Read more

    Affected Products : web_security_appliance
    • EPSS Score: %1.20
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2016-6401

    Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.... Read more

    Affected Products : carrier_routing_system
    • EPSS Score: %0.85
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2016-5843

    Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.... Read more

    Affected Products : faq
    • EPSS Score: %1.10
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-7420

    Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive informati... Read more

    Affected Products : crypto\+\+
    • EPSS Score: %0.58
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6936

    Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.... Read more

    Affected Products : mac_os_x windows air_sdk_\&_compiler
    • EPSS Score: %0.86
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6303

    Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : openssl node.js
    • EPSS Score: %34.39
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6302

    The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.... Read more

    Affected Products : openssl linux solaris
    • EPSS Score: %14.26
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4263

    Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : digital_editions
    • EPSS Score: %1.97
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4262

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-42... Read more

    Affected Products : digital_editions
    • EPSS Score: %5.86
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4261

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-42... Read more

    Affected Products : digital_editions
    • EPSS Score: %5.86
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results