Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-4430

    Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.... Read more

    Affected Products : struts
    • EPSS Score: %2.84
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3092

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU c... Read more

    • EPSS Score: %44.75
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2016-1182

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to... Read more

    Affected Products : struts
    • EPSS Score: %1.86
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1181

    ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a ... Read more

    Affected Products : struts banking_platform portal
    • EPSS Score: %6.13
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-0899

    The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.... Read more

    Affected Products : struts
    • EPSS Score: %86.91
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2016-5849

    Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.... Read more

    Affected Products : sicam_pas\/pqs sicam_pas
    • EPSS Score: %0.09
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.7

    MEDIUM
    CVE-2016-5848

    Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.... Read more

    Affected Products : sicam_pas\/pqs sicam_pas
    • EPSS Score: %0.14
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.3

    MEDIUM
    CVE-2016-0899

    EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.... Read more

    Affected Products : rsa_archer_egrc
    • EPSS Score: %0.17
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-6130

    Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.06
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-4998

    The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging ... Read more

    Affected Products : linux_kernel ubuntu_linux linux
    • EPSS Score: %1.24
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4997

    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container r... Read more

    • EPSS Score: %5.22
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3955

    The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP ... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %12.80
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2016-2894

    IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging prev... Read more

    Affected Products : tivoli_storage_manager
    • EPSS Score: %0.06
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-2863

    Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XS... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.10
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2862

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.43
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2074

    Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.... Read more

    Affected Products : openshift openvswitch
    • EPSS Score: %8.55
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1704

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    • EPSS Score: %0.80
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1425

    Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.... Read more

    Affected Products : ios
    • EPSS Score: %0.30
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-1398

    Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial... Read more

    • EPSS Score: %0.30
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1337

    Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.... Read more

    Affected Products : epc3928_firmware epc3928
    • EPSS Score: %4.21
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291222 Results