Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-3628

    Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.... Read more

    • EPSS Score: %2.86
    • Published: Apr. 20, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-2390

    The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (applicat... Read more

    Affected Products : squid
    • EPSS Score: %35.49
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0741

    slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.... Read more

    • EPSS Score: %2.36
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8779

    Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.... Read more

    • EPSS Score: %4.97
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8778

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers... Read more

    • EPSS Score: %6.77
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2015-8776

    The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.... Read more

    • EPSS Score: %5.38
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 2.0

    LOW
    CVE-2015-7511

    Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.... Read more

    Affected Products : ubuntu_linux debian_linux libgcrypt
    • EPSS Score: %0.06
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2015-1776

    Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive in... Read more

    Affected Products : hadoop
    • EPSS Score: %0.08
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2014-9765

    Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.... Read more

    • EPSS Score: %2.48
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-9761

    Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf,... Read more

    • EPSS Score: %2.44
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-4040

    SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.39
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3960

    Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.... Read more

    Affected Products : fedora xen vm_server
    • EPSS Score: %0.08
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-3688

    SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.15
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2016-3186

    Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.... Read more

    Affected Products : libtiff opensuse
    • EPSS Score: %0.71
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-5479

    The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.... Read more

    Affected Products : leap libav ubuntu
    • EPSS Score: %1.33
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-3972

    Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.10
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.8

    MEDIUM
    CVE-2016-3971

    Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.... Read more

    Affected Products : dotcms
    • EPSS Score: %0.19
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3943

    Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying ... Read more

    • EPSS Score: %0.19
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3941

    Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."... Read more

    Affected Products : ubuntu_linux vlc_media_player
    • EPSS Score: %0.31
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-7378

    Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.... Read more

    Affected Products : panda_url_filtering
    • EPSS Score: %0.18
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292118 Results