Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2016-5135

    WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Conte... Read more

    Affected Products : chrome
    • EPSS Score: %0.87
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5134

    net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a ser... Read more

    Affected Products : chrome
    • EPSS Score: %0.76
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5133

    Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data ... Read more

    Affected Products : chrome
    • EPSS Score: %0.63
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5132

    The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an ht... Read more

    Affected Products : chrome
    • EPSS Score: %1.10
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5131

    Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.... Read more

    • EPSS Score: %4.20
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-5130

    content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.... Read more

    Affected Products : chrome
    • EPSS Score: %0.72
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5129

    Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted... Read more

    Affected Products : chrome v8
    • EPSS Score: %1.33
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5128

    objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a craft... Read more

    Affected Products : chrome v8
    • EPSS Score: %0.74
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5127

    Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code ... Read more

    Affected Products : chrome
    • EPSS Score: %2.31
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1711

    WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a ... Read more

    Affected Products : chrome
    • EPSS Score: %1.05
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1710

    The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Polic... Read more

    Affected Products : chrome
    • EPSS Score: %0.89
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1709

    Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact ... Read more

    Affected Products : chrome sfntly
    • EPSS Score: %1.13
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1708

    The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (u... Read more

    Affected Products : chrome
    • EPSS Score: %1.50
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1707

    ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.... Read more

    Affected Products : chrome
    • EPSS Score: %0.66
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2016-1706

    The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism ... Read more

    Affected Products : chrome
    • EPSS Score: %0.59
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1705

    Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome
    • EPSS Score: %0.62
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6204

    Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : sinema_remote_connect_server
    • EPSS Score: %0.29
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5874

    Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.... Read more

    Affected Products : simatic_net_pc-software
    • EPSS Score: %1.30
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5744

    Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.... Read more

    Affected Products : simatic_wincc
    • EPSS Score: %0.44
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5743

    Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenP... Read more

    • EPSS Score: %5.63
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291385 Results