Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-3087

    Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.... Read more

    Affected Products : struts
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3072

    Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2013-7440

    The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.... Read more

    Affected Products : python
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2016-5242

    The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding refere... Read more

    Affected Products : xen
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-4963

    The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.... Read more

    Affected Products : xen
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-4962

    The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas o... Read more

    Affected Products : xen vm_server
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4450

    os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file... Read more

    Affected Products : ubuntu_linux debian_linux nginx
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4437

    Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.... Read more

    • Actively Exploited
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2335

    The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descri... Read more

    Affected Products : debian_linux opensuse 7-zip
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-7695

    The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.... Read more

    Affected Products : debian_linux zend_framework
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7611

    Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.... Read more

    Affected Products : james james_server
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5723

    Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions ... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-5261

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5260

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-5231

    The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-5228

    The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2014-9747

    The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.... Read more

    Affected Products : debian_linux freetype
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-9746

    The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not ... Read more

    Affected Products : debian_linux freetype
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2014-8177

    The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.... Read more

    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2015-5041

    The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.... Read more

    • Published: Jun. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292902 Results