Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-4036

    The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.... Read more

    Affected Products : leap opensuse
    • EPSS Score: %0.10
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-3950

    Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.... Read more

    Affected Products : ar3200_firmware ar3200
    • EPSS Score: %0.09
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3071

    Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.... Read more

    Affected Products : fedora libreswan
    • EPSS Score: %0.97
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8106

    Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.... Read more

    Affected Products : fedora latex2rtf
    • EPSS Score: %0.84
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7552

    Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.... Read more

    Affected Products : opensuse opensuse
    • EPSS Score: %1.70
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1659

    Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    • EPSS Score: %2.36
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-1658

    The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.... Read more

    • EPSS Score: %0.88
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-1657

    The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a ... Read more

    • EPSS Score: %2.18
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1656

    The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.... Read more

    Affected Products : android leap chrome linux_enterprise
    • EPSS Score: %0.40
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1655

    Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extens... Read more

    • EPSS Score: %3.03
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1654

    The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.... Read more

    • EPSS Score: %2.49
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1653

    The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers... Read more

    • EPSS Score: %1.52
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1652

    Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTM... Read more

    • EPSS Score: %0.51
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1651

    fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or c... Read more

    • EPSS Score: %1.38
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2427

    The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via ... Read more

    • EPSS Score: %0.11
    • Published: Apr. 18, 2016
    • Modified: May. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2426

    server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive informati... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2425

    mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted applicati... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-2424

    server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) ... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.6

    MEDIUM
    CVE-2016-2423

    server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2422

    Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrat... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292118 Results