Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-4423

    The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored ... Read more

    Affected Products : debian_linux symfony
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1902

    The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseu... Read more

    Affected Products : debian_linux symfony
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2015-8875

    Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or ... Read more

    Affected Products : debian_linux gdk-pixbuf
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-4432

    The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.... Read more

    Affected Products : qpid_broker-j qpid_java
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3697

    libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.... Read more

    Affected Products : docker opensuse runc
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-3094

    PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught e... Read more

    Affected Products : qpid_broker-j qpid_java
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3088

    The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.... Read more

    Affected Products : activemq
    • Actively Exploited
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3075

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.... Read more

    Affected Products : ubuntu_linux fedora opensuse glibc
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-2175

    Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.... Read more

    Affected Products : debian_linux pdfbox
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1234

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.... Read more

    Affected Products : fedora leap opensuse glibc
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-4500

    Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.... Read more

    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0288

    IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity referen... Read more

    Affected Products : security_appscan
    • Published: Jun. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4785

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4784

    A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4521

    Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-4506

    Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.... Read more

    Affected Products : intuitive_650_tdb_controller
    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-4505

    Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.... Read more

    Affected Products : intuitive_650_tdb_controller
    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4502

    Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.... Read more

    Affected Products : esc_8832_data_controller
    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-4501

    Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.... Read more

    Affected Products : esc_8832_data_controller
    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2295

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and ... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293284 Results