Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-3212

    The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerabil... Read more

    Affected Products : internet_explorer
    • EPSS Score: %5.22
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3211

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %22.58
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3210

    The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerab... Read more

    Affected Products : internet_explorer
    • EPSS Score: %22.58
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3207

    The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %16.91
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3206

    The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %19.00
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3205

    The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka... Read more

    Affected Products : internet_explorer vbscript jscript
    • EPSS Score: %19.00
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3203

    Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."... Read more

    • EPSS Score: %49.16
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3202

    The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte... Read more

    • EPSS Score: %16.91
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-3201

    Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerabili... Read more

    • EPSS Score: %29.52
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3199

    The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability tha... Read more

    Affected Products : edge
    • EPSS Score: %21.57
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-3198

    Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."... Read more

    Affected Products : edge
    • EPSS Score: %34.92
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0200

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %17.94
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0199

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %72.54
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0028

    Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track us... Read more

    Affected Products : exchange_server outlook_web_access
    • EPSS Score: %21.12
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0025

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation ... Read more

    • EPSS Score: %24.05
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5367

    Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.... Read more

    Affected Products : honor_ws851_firmware honor_ws851
    • EPSS Score: %0.14
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5366

    Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052.... Read more

    Affected Products : honor_ws851_firmware honor_ws851
    • EPSS Score: %0.10
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5365

    Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.... Read more

    Affected Products : honor_ws851_firmware honor_ws851
    • EPSS Score: %1.69
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5338

    The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer ... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.10
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-5337

    The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.06
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291293 Results