Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-4463

    Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.... Read more

    Affected Products : debian_linux xerces-c\+\+
    • EPSS Score: %33.47
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4324

    Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.... Read more

    Affected Products : ubuntu_linux debian_linux libreoffice
    • EPSS Score: %0.67
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2945

    The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.63
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2889

    Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticate... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.10
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2888

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.21
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0350

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.17
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0315

    The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.47
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0314

    The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.15
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0313

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.17
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0287

    IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.... Read more

    Affected Products : windows i_access
    • EPSS Score: %0.03
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2016-0271

    The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecifie... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.04
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.1

    MEDIUM
    CVE-2016-0252

    IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.... Read more

    • EPSS Score: %0.05
    • Published: Jul. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2119

    libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FL... Read more

    Affected Products : samba
    • EPSS Score: %1.16
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2923

    IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potent... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.28
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1444

    The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted... Read more

    • EPSS Score: %0.17
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1443

    The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malwa... Read more

    Affected Products : amp_threat_grid_appliance
    • EPSS Score: %0.36
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-1442

    The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.69
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0389

    Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.23
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-0230

    IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via... Read more

    • EPSS Score: %0.08
    • Published: Jul. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6170

    ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service ... Read more

    Affected Products : enterprise_linux bind
    • EPSS Score: %2.61
    • Published: Jul. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291219 Results