Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.9

    MEDIUM
    CVE-2016-4955

    ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certa...

    • EPSS Score: 5.19%
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4954

    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated ...

    • EPSS Score: 6.94%
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4953

    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

    • EPSS Score: 12.64%
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-4465

    The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

    Affected Products: struts
    • EPSS Score: 13.34%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-4438

    The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

    Affected Products: struts
    • EPSS Score: 53.50%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4433

    Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

    Affected Products: struts
    • EPSS Score: 10.63%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4431

    Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.

    Affected Products: struts
    • EPSS Score: 22.06%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-4430

    Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

    Affected Products: struts
    • EPSS Score: 2.84%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-3092

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU c...

    • EPSS Score: 44.75%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 8.2

    HIGH
    CVE-2016-1182

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to...

    Affected Products: struts
    • EPSS Score: 1.86%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-1181

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a ...

    Affected Products: struts, banking_platform, portal
    • EPSS Score: 6.13%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-0899

    The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

    Affected Products: struts
    • EPSS Score: 86.91%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 2.5

    LOW
    CVE-2016-5849

    Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.

    Affected Products: sicam_pas/pqs, sicam_pas
    • EPSS Score: 0.09%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 6.7

    MEDIUM
    CVE-2016-5848

    Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

    Affected Products: sicam_pas/pqs, sicam_pas
    • EPSS Score: 0.14%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 6.3

    MEDIUM
    CVE-2016-0899

    EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

    Affected Products: rsa_archer_egrc
    • EPSS Score: 0.17%
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
  • 4.7

    MEDIUM
    CVE-2016-6130

    Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

    Affected Products: linux_kernel, debian_linux
    • EPSS Score: 0.06%
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.1

    HIGH
    CVE-2016-4998

    The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging ...

    Affected Products: linux_kernel, ubuntu_linux, linux
    • EPSS Score: 1.24%
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-4997

    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container r...

    • EPSS Score: 5.22%
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-3955

    The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP ...

    Affected Products: linux_kernel, ubuntu_linux, debian_linux
    • EPSS Score: 12.80%
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
  • 2.5

    LOW
    CVE-2016-2894

    IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging prev...

    Affected Products: tivoli_storage_manager
    • EPSS Score: 0.06%
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291209 Results