Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-4017

    The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.... Read more

    Affected Products : hana
    • EPSS Score: %0.50
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4016

    Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admi... Read more

    • EPSS Score: %0.49
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4015

    The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.... Read more

    Affected Products : netweaver
    • EPSS Score: %3.04
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-4014

    XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.... Read more

    Affected Products : netweaver
    • EPSS Score: %6.91
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-3079

    Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin... Read more

    Affected Products : satellite spacewalk-java
    • EPSS Score: %0.43
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2103

    Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving sys... Read more

    Affected Products : satellite satellite
    • EPSS Score: %0.24
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8560

    Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vuln... Read more

    • EPSS Score: %8.56
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8554

    Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable phys... Read more

    Affected Products : xen
    • EPSS Score: %0.06
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2015-8550

    Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.... Read more

    • EPSS Score: %15.96
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8540

    Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact vi... Read more

    • EPSS Score: %13.61
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2015-7999

    Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : command_center
    • EPSS Score: %0.47
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2015-5343

    Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary... Read more

    Affected Products : debian_linux subversion
    • EPSS Score: %24.98
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-0284

    Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerab... Read more

    Affected Products : satellite spacewalk-java
    • EPSS Score: %0.41
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-1378

    Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.... Read more

    Affected Products : ios
    • EPSS Score: %0.23
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1352

    Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.... Read more

    • EPSS Score: %0.39
    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2313

    auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.... Read more

    Affected Products : leap opensuse cacti
    • EPSS Score: %1.08
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0787

    The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes conf... Read more

    Affected Products : fedora debian_linux opensuse libssh2
    • EPSS Score: %2.30
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0757

    OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an imag... Read more

    • EPSS Score: %0.23
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0739

    libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessi... Read more

    • EPSS Score: %3.64
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8806

    dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.... Read more

    • EPSS Score: %8.56
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292321 Results