Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-1355

    Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.25
    • Published: Mar. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1354

    Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.... Read more

    • EPSS Score: %0.25
    • Published: Mar. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1329

    Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH sess... Read more

    • EPSS Score: %2.07
    • Published: Mar. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2279

    Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %2.36
    • Published: Mar. 02, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-2278

    Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.... Read more

    • EPSS Score: %14.04
    • Published: Mar. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0704

    An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of ... Read more

    Affected Products : openssl
    • EPSS Score: %3.18
    • Published: Mar. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0703

    The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, wh... Read more

    Affected Products : openssl
    • EPSS Score: %2.64
    • Published: Mar. 02, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0800

    The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote atta... Read more

    Affected Products : openssl client steel_belted_radius
    • EPSS Score: %89.83
    • Published: Mar. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-2562

    The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information vi... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.23
    • Published: Mar. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2561

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database n... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.29
    • Published: Mar. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2560

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to librarie... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %1.13
    • Published: Mar. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-2559

    Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.28
    • Published: Mar. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-1353

    The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to c... Read more

    • EPSS Score: %0.48
    • Published: Mar. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0245

    The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity referenc... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.31
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0244

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.19
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0243

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.26
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2016-0225

    IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.16
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0216

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.... Read more

    Affected Products : tivoli_storage_manager_fastback
    • EPSS Score: %3.24
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0213

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.... Read more

    Affected Products : tivoli_storage_manager_fastback
    • EPSS Score: %3.24
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0212

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.... Read more

    Affected Products : tivoli_storage_manager_fastback
    • EPSS Score: %3.24
    • Published: Feb. 29, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291890 Results