Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2016-5107

    The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.07
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-5106

    The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involvi... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.08
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2016-5105

    The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a M... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.08
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-4952

    QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PV... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.12
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0772

    The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position ... Read more

    Affected Products : python
    • EPSS Score: %6.98
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-6483

    The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.... Read more

    Affected Products : vbulletin
    • EPSS Score: %14.40
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4853

    AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.... Read more

    Affected Products : happy_wardrobe
    • EPSS Score: %0.36
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4851

    Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : simple_chat
    • EPSS Score: %0.28
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4848

    Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clipbucket
    • EPSS Score: %0.37
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6376

    The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device res... Read more

    • EPSS Score: %0.90
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1473

    Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.... Read more

    • EPSS Score: %3.11
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1472

    The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.... Read more

    • EPSS Score: %1.41
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1471

    Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.... Read more

    • EPSS Score: %0.47
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1470

    Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.... Read more

    • EPSS Score: %0.24
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-6298

    The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).... Read more

    Affected Products : jwcrypto jwcrypto
    • EPSS Score: %0.45
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-4264

    The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity decl... Read more

    Affected Products : coldfusion
    • EPSS Score: %55.38
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-5047

    NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.... Read more

    Affected Products : oncommand_system_manager
    • EPSS Score: %0.68
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-3010

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vu... Read more

    Affected Products : connections
    • EPSS Score: %0.20
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-3008

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and ... Read more

    Affected Products : connections
    • EPSS Score: %0.17
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-3005

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vu... Read more

    Affected Products : connections
    • EPSS Score: %0.20
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291570 Results