Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2016-0149

    Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL In... Read more

    Affected Products : .net_framework
    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0140

    Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulner... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0126

    Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."... Read more

    Affected Products : office
    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4561

    Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.... Read more

    Affected Products : debian_linux ikiwiki
    • Published: May. 10, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4556

    Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.... Read more

    Affected Products : ubuntu_linux linux squid
    • Published: May. 10, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4555

    client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.... Read more

    Affected Products : ubuntu_linux linux squid
    • Published: May. 10, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-4554

    mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.... Read more

    Affected Products : ubuntu_linux linux squid
    • Published: May. 10, 2016
    • Modified: Apr. 12, 2025

  • 8.6

    HIGH
    CVE-2016-4553

    client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.... Read more

    Affected Products : ubuntu_linux linux squid
    • Published: May. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4350

    Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule p... Read more

    Affected Products : storage_resource_monitor
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-3105

    The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.... Read more

    Affected Products : debian_linux mercurial
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 4.4

    MEDIUM
    CVE-2015-5208

    Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.... Read more

    Affected Products : cordova
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-5207

    Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.... Read more

    Affected Products : cordova
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4477

    wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1)... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4476

    hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.... Read more

    Affected Products : ubuntu_linux hostapd wpa_supplicant
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-2462

    OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-2461

    OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2460

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBu... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2459

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBu... Read more

    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2458

    The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to Compos... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2457

    server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292847 Results