Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-3255

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) iss... Read more

    Affected Products : .net_framework
    • EPSS Score: %38.59
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3254

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted applic... Read more

    • EPSS Score: %0.47
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.3

    HIGH
    CVE-2016-3252

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted applic... Read more

    • EPSS Score: %2.65
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 2.8

    LOW
    CVE-2016-3251

    The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensiti... Read more

    • EPSS Score: %10.54
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.3

    HIGH
    CVE-2016-3250

    The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."... Read more

    Affected Products : windows_10 windows_server_2012
    • EPSS Score: %1.16
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.3

    HIGH
    CVE-2016-3249

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted applic... Read more

    • EPSS Score: %1.19
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3248

    The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory co... Read more

    Affected Products : edge internet_explorer
    • EPSS Score: %25.18
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3246

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."... Read more

    Affected Products : edge
    • EPSS Score: %18.28
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-3245

    Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."... Read more

    Affected Products : internet_explorer
    • EPSS Score: %11.96
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-3244

    Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."... Read more

    Affected Products : edge
    • EPSS Score: %20.01
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3243

    Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • EPSS Score: %16.93
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3242

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %26.20
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3241

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %16.93
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3240

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %26.20
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3239

    The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors invol... Read more

    • EPSS Score: %0.81
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3238

    The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary... Read more

    • EPSS Score: %16.05
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3204

    The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web sit... Read more

    Affected Products : internet_explorer
    • EPSS Score: %22.61
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-6174

    applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arb... Read more

    Affected Products : php invision_power_board
    • EPSS Score: %23.48
    • Published: Jul. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5850

    Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : public_cloud_solution
    • EPSS Score: %0.09
    • Published: Jul. 12, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-5774

    The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.... Read more

    Affected Products : packetshaper_s-series
    • EPSS Score: %0.40
    • Published: Jul. 12, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291293 Results