Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2016-5709

    SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.... Read more

    Affected Products : virtualization_manager
    • EPSS Score: %0.10
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-5435

    Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows r... Read more

    • EPSS Score: %0.15
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2016-5021

    The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x befor... Read more

    • EPSS Score: %0.16
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4802

    Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll... Read more

    Affected Products : curl
    • EPSS Score: %0.45
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1439

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.... Read more

    • EPSS Score: %0.25
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1438

    Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.... Read more

    • EPSS Score: %0.38
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1437

    SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.... Read more

    Affected Products : prime_collaboration_deployment
    • EPSS Score: %0.22
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1436

    The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1... Read more

    • EPSS Score: %0.72
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-1435

    Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.... Read more

    • EPSS Score: %0.18
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1434

    The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.... Read more

    • EPSS Score: %0.16
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-1428

    Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.... Read more

    Affected Products : ios_xe ios_xe
    • EPSS Score: %0.45
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0914

    EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated us... Read more

    • EPSS Score: %0.16
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-6289

    Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.... Read more

    • EPSS Score: %11.66
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2364

    The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms ... Read more

    Affected Products : fonality hud_web
    • EPSS Score: %0.15
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-2363

    Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.... Read more

    Affected Products : fonality
    • EPSS Score: %0.04
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2362

    Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.... Read more

    Affected Products : fonality
    • EPSS Score: %0.89
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2178

    The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.... Read more

    • EPSS Score: %0.38
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2177

    OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging un... Read more

    • EPSS Score: %47.95
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8289

    The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code... Read more

    • EPSS Score: %0.75
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2015-8288

    NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by ... Read more

    • EPSS Score: %0.75
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291358 Results