Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-4979

    The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restriction... Read more

    Affected Products : http_server
    • EPSS Score: %32.93
    • Published: Jul. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4508

    Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : bladecontrol-webvis
    • EPSS Score: %0.58
    • Published: Jul. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.4

    MEDIUM
    CVE-2016-4507

    SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : bladecontrol-webvis
    • EPSS Score: %0.26
    • Published: Jul. 06, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-1546

    The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modifie... Read more

    Affected Products : http_server
    • EPSS Score: %22.78
    • Published: Jul. 06, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0906

    The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.... Read more

    Affected Products : avamar
    • EPSS Score: %0.40
    • Published: Jul. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5099

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.... Read more

    Affected Products : phpmyadmin opensuse
    • EPSS Score: %0.48
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5098

    Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.... Read more

    Affected Products : phpmyadmin opensuse
    • EPSS Score: %0.39
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5097

    phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.... Read more

    Affected Products : phpmyadmin opensuse
    • EPSS Score: %0.54
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4957

    ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.... Read more

    • EPSS Score: %57.88
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4956

    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.... Read more

    • EPSS Score: %2.28
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-4955

    ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certa... Read more

    • EPSS Score: %5.19
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4954

    The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated ... Read more

    • EPSS Score: %6.94
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4953

    ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.... Read more

    • EPSS Score: %12.64
    • Published: Jul. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4465

    The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.... Read more

    Affected Products : struts
    • EPSS Score: %13.34
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4438

    The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.... Read more

    Affected Products : struts
    • EPSS Score: %53.50
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4433

    Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.... Read more

    Affected Products : struts
    • EPSS Score: %10.63
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4431

    Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.... Read more

    Affected Products : struts
    • EPSS Score: %22.06
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-4430

    Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.... Read more

    Affected Products : struts
    • EPSS Score: %2.84
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3092

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU c... Read more

    • EPSS Score: %44.75
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2016-1182

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to... Read more

    Affected Products : struts
    • EPSS Score: %1.86
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291219 Results