Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-5234

    Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote a... Read more

    • EPSS Score: %1.67
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5104

    The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.... Read more

    • EPSS Score: %0.91
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-4911

    The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.... Read more

    Affected Products : keystone openstack_identity
    • EPSS Score: %0.30
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4005

    The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.... Read more

    Affected Products : hilink_app
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-3677

    The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.... Read more

    Affected Products : hilink_app wear_app
    • EPSS Score: %0.03
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-3670

    Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %9.29
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-2174

    SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.... Read more

    Affected Products : ranger
    • EPSS Score: %0.58
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1543

    The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after ... Read more

    • EPSS Score: %75.65
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1542

    The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization fa... Read more

    • EPSS Score: %74.06
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2834

    Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.... Read more

    • EPSS Score: %1.55
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2833

    Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.34
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2832

    Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.56
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2831

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks,... Read more

    • EPSS Score: %0.66
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2829

    Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.48
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2828

    Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.... Read more

    • EPSS Score: %2.02
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-2826

    The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.... Read more

    Affected Products : firefox firefox_esr windows
    • EPSS Score: %0.05
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2825

    Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.68
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2824

    The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other i... Read more

    Affected Products : firefox firefox_esr leap opensuse windows
    • EPSS Score: %0.92
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2822

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.... Read more

    • EPSS Score: %0.67
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2821

    Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap mem... Read more

    • EPSS Score: %2.76
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291360 Results