Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2015-8914

    The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local sou... Read more

    Affected Products : neutron smart_vms
    • EPSS Score: %6.66
    • Published: Jun. 17, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5300

    The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because o... Read more

    • EPSS Score: %1.94
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-3687

    Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing ... Read more

    • EPSS Score: %0.37
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3062

    The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.... Read more

    Affected Products : debian_linux leap ffmpeg libav
    • EPSS Score: %2.45
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-2841

    The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP reg... Read more

    Affected Products : ubuntu_linux qemu
    • EPSS Score: %0.07
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-2538

    Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS contr... Read more

    Affected Products : qemu
    • EPSS Score: %0.09
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2392

    The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer derefer... Read more

    Affected Products : ubuntu_linux qemu
    • EPSS Score: %0.09
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-2391

    The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.06
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2012-6702

    Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.... Read more

    • EPSS Score: %0.47
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5361

    programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 proto... Read more

    Affected Products : libreswan
    • EPSS Score: %0.95
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4171

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.... Read more

    • Actively Exploited
    • EPSS Score: %23.58
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4167

    Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.... Read more

    Affected Products : dng_software_development_kit
    • EPSS Score: %6.48
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4166

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs list... Read more

    • EPSS Score: %2.19
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4165

    The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.... Read more

    Affected Products : brackets
    • EPSS Score: %6.15
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4164

    Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : brackets
    • EPSS Score: %0.64
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4163

    Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • EPSS Score: %2.36
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4162

    Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • EPSS Score: %2.35
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4161

    Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • EPSS Score: %2.36
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4160

    Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • EPSS Score: %2.36
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4159

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : coldfusion
    • EPSS Score: %0.70
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291293 Results