Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-0322

    Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.... Read more

    Affected Products : connections
    • EPSS Score: %0.17
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5839

    WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.... Read more

    Affected Products : wordpress
    • EPSS Score: %1.22
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5838

    WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.... Read more

    Affected Products : wordpress
    • EPSS Score: %1.59
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5837

    WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.... Read more

    Affected Products : wordpress
    • EPSS Score: %0.76
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5836

    The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : wordpress
    • EPSS Score: %5.18
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5835

    WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.... Read more

    Affected Products : wordpress
    • EPSS Score: %1.78
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5834

    Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerabil... Read more

    Affected Products : wordpress
    • EPSS Score: %0.82
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5833

    Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vu... Read more

    Affected Products : wordpress
    • EPSS Score: %0.82
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5832

    The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.... Read more

    Affected Products : wordpress
    • EPSS Score: %1.59
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-5101

    Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.... Read more

    Affected Products : windows opera_mail
    • EPSS Score: %1.06
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-1237

    nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2012-6703

    Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-0304

    The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via u... Read more

    Affected Products : domino
    • EPSS Score: %1.11
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0298

    Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.... Read more

    • EPSS Score: %0.36
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-0267

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.20
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-0263

    IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.... Read more

    • EPSS Score: %0.04
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0260

    Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.... Read more

    Affected Products : websphere_mq
    • EPSS Score: %0.66
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-8699

    Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary... Read more

    • EPSS Score: %0.38
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-8698

    CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request contai... Read more

    • EPSS Score: %0.26
    • Published: Jun. 29, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0233

    SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : marketing_platform
    • EPSS Score: %0.48
    • Published: Jun. 28, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291401 Results