Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-4657

    WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.... Read more

    Affected Products : iphone_os
    • Actively Exploited
    • EPSS Score: %81.81
    • Published: Aug. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4656

    The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.... Read more

    Affected Products : iphone_os
    • Actively Exploited
    • EPSS Score: %74.51
    • Published: Aug. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-4655

    The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.... Read more

    Affected Products : iphone_os
    • Actively Exploited
    • EPSS Score: %79.12
    • Published: Aug. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-6231

    Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.... Read more

    Affected Products : safe_browser
    • EPSS Score: %0.17
    • Published: Aug. 25, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-4069

    Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors... Read more

    Affected Products : leap webmail
    • EPSS Score: %1.13
    • Published: Aug. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7089

    WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.... Read more

    Affected Products : rapidstream
    • EPSS Score: %0.21
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6909

    Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.... Read more

    Affected Products : fortios fortiswitch
    • EPSS Score: %71.56
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-5812

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.... Read more

    • EPSS Score: %0.05
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5799

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.... Read more

    • EPSS Score: %0.59
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5650

    ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value.... Read more

    Affected Products : zp-ibh-13w zp-ne-14-s
    • EPSS Score: %1.06
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5645

    Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveragin... Read more

    • EPSS Score: %30.31
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5081

    ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.... Read more

    Affected Products : zp-ibh-13w zp-ne-14-s
    • EPSS Score: %0.88
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6365

    Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.... Read more

    • EPSS Score: %0.23
    • Published: Aug. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6364

    The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.73
    • Published: Aug. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6355

    Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.... Read more

    Affected Products : ios_xr
    • EPSS Score: %0.74
    • Published: Aug. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1484

    Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.25
    • Published: Aug. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1477

    Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891.... Read more

    Affected Products : connected_streaming_analytics
    • EPSS Score: %0.22
    • Published: Aug. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6363

    The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 fr... Read more

    • EPSS Score: %0.93
    • Published: Aug. 22, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6362

    Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.... Read more

    • EPSS Score: %0.34
    • Published: Aug. 22, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6361

    The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU h... Read more

    • EPSS Score: %1.06
    • Published: Aug. 22, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291558 Results