Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-5301

    The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.... Read more

    Affected Products : leap opensuse libtorrent
    • EPSS Score: %1.38
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-5020

    F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.... Read more

    • EPSS Score: %1.76
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-4971

    GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.... Read more

    Affected Products : ubuntu_linux solaris wget pan-os
    • EPSS Score: %75.93
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4803

    CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.40
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-4472

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists becau... Read more

    • EPSS Score: %2.44
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-4309

    Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %21.88
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-3189

    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.... Read more

    Affected Products : python bzip2
    • EPSS Score: %13.71
    • Published: Jun. 30, 2016
    • Modified: Jun. 09, 2025

  • 7.5

    HIGH
    CVE-2015-8899

    Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.... Read more

    Affected Products : ubuntu_linux dnsmasq
    • EPSS Score: %0.08
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-5840

    hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.... Read more

    • EPSS Score: %14.10
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2016-5729

    Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.... Read more

    Affected Products : bios_efi_driver
    • EPSS Score: %0.15
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5368

    Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.... Read more

    Affected Products : ar3200_firmware ar3200
    • EPSS Score: %0.44
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5249

    Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.... Read more

    Affected Products : solution_center
    • EPSS Score: %0.17
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-5248

    The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.... Read more

    Affected Products : solution_center
    • EPSS Score: %0.07
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-5232

    Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.... Read more

    Affected Products : mate_8_firmware mate_8
    • EPSS Score: %0.07
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5231

    Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app.... Read more

    Affected Products : mate_8_firmware mate_8
    • EPSS Score: %0.10
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-5230

    Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app.... Read more

    Affected Products : mate_8_firmware mate_8
    • EPSS Score: %0.21
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-4474

    The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to... Read more

    Affected Products : openstack
    • EPSS Score: %0.17
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4086

    Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.... Read more

    Affected Products : hisuite
    • EPSS Score: %0.06
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-4057

    Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.... Read more

    Affected Products : fusioncompute
    • EPSS Score: %0.10
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2141

    It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within ... Read more

    • EPSS Score: %0.88
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291222 Results