Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-3644

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SE...

    • EPSS Score: 29.02%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-2211

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SE...

    • EPSS Score: 20.02%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-2210

    Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5...

    • EPSS Score: 29.05%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-2209

    Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5;...

    • EPSS Score: 29.05%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-2207

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SE...

    • EPSS Score: 50.21%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 3.3

    LOW
    CVE-2015-8801

    Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

    Affected Products : endpoint_protection_manager
    • EPSS Score: 0.06%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5360

    HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.

    Affected Products : ubuntu_linux haproxy
    • EPSS Score: 43.17%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-5301

    The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.

    Affected Products : leap opensuse libtorrent
    • EPSS Score: 1.38%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-5020

    F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

    • EPSS Score: 1.76%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-4971

    GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

    Affected Products : ubuntu_linux solaris wget pan-os
    • EPSS Score: 75.93%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-4803

    CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

    Affected Products : dotcms
    • EPSS Score: 0.40%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-4472

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists becau...

    • EPSS Score: 2.44%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.6

    HIGH
    CVE-2016-4309

    Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.

    Affected Products : symphony symphony_cms
    • EPSS Score: 21.88%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-3189

    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

    Affected Products : python bzip2
    • EPSS Score: 13.71%
    • Published: Jun. 30, 2016
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2015-8899

    Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

    Affected Products : ubuntu_linux dnsmasq
    • EPSS Score: 0.11%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-5840

    hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

    • EPSS Score: 14.10%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 8.2

    HIGH
    CVE-2016-5729

    Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.

    Affected Products : bios_efi_driver
    • EPSS Score: 0.15%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-5368

    Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.

    Affected Products : ar3200_firmware ar3200
    • EPSS Score: 0.28%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-5249

    Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.

    Affected Products : solution_center
    • EPSS Score: 0.17%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2016-5248

    The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.

    Affected Products : solution_center
    • EPSS Score: 0.07%
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291589 Results