Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-2834

    Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.... Read more

    • EPSS Score: %1.55
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2833

    Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.34
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2832

    Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.56
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2831

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks,... Read more

    • EPSS Score: %0.66
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2829

    Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.48
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2828

    Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.... Read more

    • EPSS Score: %2.02
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-2826

    The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.... Read more

    Affected Products : firefox firefox_esr windows
    • EPSS Score: %0.05
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2825

    Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • EPSS Score: %0.68
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2824

    The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other i... Read more

    Affected Products : firefox firefox_esr leap opensuse windows
    • EPSS Score: %0.92
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2822

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.... Read more

    • EPSS Score: %0.67
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2821

    Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap mem... Read more

    • EPSS Score: %2.76
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2819

    Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.... Read more

    • EPSS Score: %66.28
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2818

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via... Read more

    • EPSS Score: %0.50
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2815

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    • EPSS Score: %0.26
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2500

    Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2499

    AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted applicat... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2498

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.... Read more

    Affected Products : android nexus_7
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2496

    The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.... Read more

    Affected Products : android
    • EPSS Score: %0.31
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-2495

    SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal b... Read more

    Affected Products : android
    • EPSS Score: %0.28
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2494

    Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem a... Read more

    Affected Products : android
    • EPSS Score: %1.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291411 Results