Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2016-1418

Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037....

Affected Products : aironet_access_point_software aironet_access_point_software aironet_access_point_software_ aironet_1830e aironet_1830i aironet_1850e aironet_1850i aironet_2800 aironet_3800
Published: Jun. 08, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2016-1405

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote att...

Affected Products : clamav web_security_appliance email_security_appliance
Published: Jun. 08, 2016

Modified: Apr. 12, 2025
7.3

HIGH

CVE-2015-8800

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Se...

Affected Products : symantec_critical_system_protection symantec_data_center_security_server symantec_data_center_security_server_and_agents symantec_embedded_security_critical_system_protection symantec_embedded_security_critical_system_protection_for_controllers_and_devices
Published: Jun. 08, 2016

Modified: Apr. 12, 2025
7.6

HIGH

CVE-2015-8799

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Crit...

Affected Products : symantec_critical_system_protection symantec_data_center_security_server symantec_data_center_security_server_and_agents symantec_embedded_security_critical_system_protection symantec_embedded_security_critical_system_protection_for_controllers_and_devices
Published: Jun. 08, 2016

Modified: Apr. 12, 2025
8.0

HIGH

CVE-2015-8798

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Crit...

Affected Products : symantec_critical_system_protection symantec_data_center_security_server symantec_data_center_security_server_and_agents symantec_embedded_security_critical_system_protection symantec_embedded_security_critical_system_protection_for_controllers_and_devices
Published: Jun. 08, 2016

Modified: Apr. 12, 2025
8.8

HIGH

CVE-2015-8157

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical S...

Affected Products : symantec_critical_system_protection symantec_data_center_security_server symantec_data_center_security_server_and_agents symantec_embedded_security_critical_system_protection symantec_embedded_security_critical_system_protection_for_controllers_and_devices
Published: Jun. 08, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2016-4545

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
5.3

MEDIUM

CVE-2016-3093

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors....

Affected Products : struts ognl
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2016-3087

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin....

Affected Products : struts
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
8.8

HIGH

CVE-2016-3072

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter....

Affected Products : enterprise_linux satellite subscription_asset_manager katello
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
5.9

MEDIUM

CVE-2013-7440

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate....

Affected Products : python
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
5.6

MEDIUM

CVE-2016-5242

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding refere...

Affected Products : xen
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
4.7

MEDIUM

CVE-2016-4963

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore....

Affected Products : xen
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
6.8

MEDIUM

CVE-2016-4962

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas o...

Affected Products : xen vm_server
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
7.5

HIGH

CVE-2016-4450

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file...

Affected Products : ubuntu_linux debian_linux nginx
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter....

Affected Products : fuse jboss_middleware_text-only_advisories shiro aurora
Actively Exploited

Published: Jun. 07, 2016

Modified: Apr. 12, 2025
8.8

HIGH

CVE-2016-2335

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descri...

Affected Products : debian_linux opensuse 7-zip
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2015-7695

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query....

Affected Products : debian_linux zend_framework
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
9.3

HIGH

CVE-2015-7611

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors....

Affected Products : james james_server
Published: Jun. 07, 2016

Modified: Apr. 12, 2025
7.8

HIGH

CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions ...

Affected Products : debian_linux zend_framework aws_software_development_kit zend-cache object_relational_mapper doctrinemongodbbundle common annotations mongodb-odm cache +1 more products
Published: Jun. 07, 2016

Modified: Apr. 12, 2025

Showing 20 of 293350 Results

Browse by Apps

Latest CVE Feed

7.8

7.5

7.3

7.6

8.0

8.8

7.5

5.3

9.8

8.8

5.9

5.6

4.7

6.8

7.5

9.8

8.8

9.8

9.3

7.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable