Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-0387

    Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerabili... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.17
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-0386

    Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete em... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.10
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0375

    JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.... Read more

    Affected Products : messagesight
    • EPSS Score: %1.07
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0374

    The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.60
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0365

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecifie... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.19
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0364

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.16
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-0362

    IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, v... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.14
    • Published: Jul. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5307

    Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.10
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5306

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on po... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.34
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5305

    Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.46
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-5304

    Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %7.15
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-3653

    Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.16
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-3652

    Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.91
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-3651

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %1.49
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3650

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.47
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-3649

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.26
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3648

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering da... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.61
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-3647

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.... Read more

    Affected Products : endpoint_protection_manager
    • EPSS Score: %0.24
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3646

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SE... Read more

    • EPSS Score: %25.98
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3645

    Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 ... Read more

    • EPSS Score: %75.55
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291269 Results