Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2016-1242

    file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.... Read more

    Affected Products : trytond tryton
    • EPSS Score: %0.21
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-1241

    Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.... Read more

    Affected Products : trytond tryton
    • EPSS Score: %0.24
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-7034

    The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cr... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.04
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-7033

    Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.35
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6855

    Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF... Read more

    • EPSS Score: %2.55
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-6351

    The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arb... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.24
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-6346

    RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : resteasy
    • EPSS Score: %2.02
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6345

    RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.... Read more

    Affected Products : resteasy
    • EPSS Score: %0.15
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-6344

    Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.46
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-7153

    The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party c... Read more

    • EPSS Score: %3.92
    • Published: Sep. 06, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-7152

    The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party co... Read more

    • EPSS Score: %3.92
    • Published: Sep. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-7114

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • EPSS Score: %0.42
    • Published: Sep. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7113

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • EPSS Score: %0.43
    • Published: Sep. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7112

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • EPSS Score: %0.52
    • Published: Sep. 06, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-6377

    Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52... Read more

    Affected Products : media_origination_system_suite
    • EPSS Score: %0.34
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5430

    The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).... Read more

    Affected Products : jose-php
    • EPSS Score: %0.53
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5429

    jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.... Read more

    Affected Products : jose-php
    • EPSS Score: %0.32
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1464

    Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.... Read more

    Affected Products : webex_meetings webex_wrf_player_t29
    • EPSS Score: %4.48
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-1415

    Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.... Read more

    Affected Products : webex_meetings webex_wrf_player_t29
    • EPSS Score: %4.09
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-5721

    Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.... Read more

    • EPSS Score: %0.86
    • Published: Sep. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291737 Results