Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-6291

    The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive informa... Read more

    Affected Products : php
    • EPSS Score: %4.80
    • Published: Jul. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6290

    ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other ... Read more

    Affected Products : php
    • EPSS Score: %6.56
    • Published: Jul. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6289

    Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified oth... Read more

    Affected Products : php
    • EPSS Score: %2.77
    • Published: Jul. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6288

    The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.... Read more

    Affected Products : php
    • EPSS Score: %6.64
    • Published: Jul. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5137

    The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does no... Read more

    Affected Products : chrome
    • EPSS Score: %0.55
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5136

    Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related... Read more

    Affected Products : chrome
    • EPSS Score: %1.96
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-5135

    WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Conte... Read more

    Affected Products : chrome
    • EPSS Score: %0.87
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5134

    net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a ser... Read more

    Affected Products : chrome
    • EPSS Score: %0.76
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5133

    Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data ... Read more

    Affected Products : chrome
    • EPSS Score: %0.63
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5132

    The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an ht... Read more

    Affected Products : chrome
    • EPSS Score: %1.10
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5131

    Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.... Read more

    • EPSS Score: %4.20
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-5130

    content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.... Read more

    Affected Products : chrome
    • EPSS Score: %0.72
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5129

    Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted... Read more

    Affected Products : chrome v8
    • EPSS Score: %1.33
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5128

    objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a craft... Read more

    Affected Products : chrome v8
    • EPSS Score: %0.74
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5127

    Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code ... Read more

    Affected Products : chrome
    • EPSS Score: %2.31
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1711

    WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a ... Read more

    Affected Products : chrome
    • EPSS Score: %1.05
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1710

    The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Polic... Read more

    Affected Products : chrome
    • EPSS Score: %0.89
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1709

    Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact ... Read more

    Affected Products : chrome sfntly
    • EPSS Score: %1.13
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1708

    The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (u... Read more

    Affected Products : chrome
    • EPSS Score: %1.50
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1707

    ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.... Read more

    Affected Products : chrome
    • EPSS Score: %0.66
    • Published: Jul. 23, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results