Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2016-1317

    Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098....

    • EPSS Score: 0.17%
    • Published: Feb. 09, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1316

    Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362....

    • EPSS Score: 0.23%
    • Published: Feb. 09, 2016
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2016-2268

    Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products: secureworks
    • EPSS Score: 0.17%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-2214

    Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors....

    Affected Products: agile_controller-campus
    • EPSS Score: 0.11%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-2091

    The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file....

    Affected Products: libdwarf
    • EPSS Score: 0.29%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-2089

    The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image....

    Affected Products: jasper
    • EPSS Score: 0.77%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 6.0

    MEDIUM
    CVE-2016-2048

    Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permiss...

    Affected Products: django
    • EPSS Score: 0.14%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 9.1

    CRITICAL
    CVE-2015-8361

    Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the...

    Affected Products: bamboo
    • EPSS Score: 0.52%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-8360

    An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port....

    Affected Products: bamboo
    • EPSS Score: 1.19%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-3252

    Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server....

    Affected Products: cloudstack
    • EPSS Score: 1.87%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 4.9

    MEDIUM
    CVE-2015-3251

    Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls....

    Affected Products: cloudstack
    • EPSS Score: 0.18%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2014-9757

    The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message....

    Affected Products: bamboo
    • EPSS Score: 0.78%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-2230

    OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session....

    Affected Products: openelec
    • EPSS Score: 1.64%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-2201

    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102....

    • EPSS Score: 1.61%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-2200

    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102....

    • EPSS Score: 9.24%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.6

    HIGH
    CVE-2016-0603

    Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the pr...

    Affected Products: jdk jre windows
    • EPSS Score: 3.22%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 4.0

    MEDIUM
    CVE-2015-2012

    The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive i...

    Affected Products: websphere_mq
    • EPSS Score: 0.04%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-0728

    The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-aft...

    • EPSS Score: 56.01%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2016-0723

    Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD io...

    Affected Products: linux_kernel
    • EPSS Score: 0.02%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-8787

    The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certa...

    Affected Products: linux_kernel
    • EPSS Score: 5.66%
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291589 Results