Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-3728

    Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.... Read more

    Affected Products : foreman
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-3693

    The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.... Read more

    Affected Products : safemode
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2100

    Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.... Read more

    Affected Products : foreman
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7558

    librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.... Read more

    Affected Products : debian_linux librsvg
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7557

    The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.... Read more

    Affected Products : librsvg
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4073

    Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbi... Read more

    Affected Products : mac_os_x php
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4072

    The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar... Read more

    Affected Products : mac_os_x php
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4071

    Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.... Read more

    Affected Products : mac_os_x php
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4070

    Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode functi... Read more

    Affected Products : php
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1859

    The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1858

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1857

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854,... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1856

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854,... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1855

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854,... Read more

    Affected Products : iphone_os tvos safari
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1854

    WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855,... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1853

    Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 2.4

    LOW
    CVE-2016-1852

    Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 4.6

    MEDIUM
    CVE-2016-1851

    The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-1850

    SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-1849

    The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access... Read more

    Affected Products : iphone_os safari
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results