Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2016-5430

    The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).... Read more

    Affected Products : jose-php
    • EPSS Score: %0.53
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5429

    jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.... Read more

    Affected Products : jose-php
    • EPSS Score: %0.32
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1464

    Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.... Read more

    Affected Products : webex_meetings webex_wrf_player_t29
    • EPSS Score: %4.48
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-1415

    Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.... Read more

    Affected Products : webex_meetings webex_wrf_player_t29
    • EPSS Score: %4.09
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-5721

    Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.... Read more

    • EPSS Score: %0.86
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-5720

    Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp... Read more

    • EPSS Score: %0.25
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5719

    app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.... Read more

    • EPSS Score: %0.43
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-7123

    Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.... Read more

    Affected Products : mailman
    • EPSS Score: %0.22
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-6893

    Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to th... Read more

    Affected Products : mailman
    • EPSS Score: %0.44
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5879

    MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.... Read more

    • EPSS Score: %0.04
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5699

    CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.... Read more

    Affected Products : python
    • EPSS Score: %10.84
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5636

    Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer ... Read more

    Affected Products : python
    • EPSS Score: %66.94
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-5107

    The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.07
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-5106

    The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involvi... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.08
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2016-5105

    The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a M... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.08
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-4952

    QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PV... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.12
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0772

    The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position ... Read more

    Affected Products : python
    • EPSS Score: %6.98
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-6483

    The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.... Read more

    Affected Products : vbulletin
    • EPSS Score: %14.40
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4853

    AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.... Read more

    Affected Products : happy_wardrobe
    • EPSS Score: %0.36
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4851

    Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : simple_chat
    • EPSS Score: %0.28
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291722 Results