Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-0802

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message... Read more

    Affected Products : android mac_os_x iphone_os tvos watchos
    • EPSS Score: %6.75
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0801

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message... Read more

    Affected Products : android mac_os_x iphone_os tvos watchos
    • EPSS Score: %46.03
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1311

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.... Read more

    Affected Products : jabber_guest
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1310

    Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.... Read more

    Affected Products : opensolaris unity_connection
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1306

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.... Read more

    Affected Products : opensolaris fog_director
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7916

    Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.... Read more

    Affected Products : moduweb_vision moduweb_vision
    • EPSS Score: %0.16
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7915

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : moduweb_vision
    • EPSS Score: %0.76
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7914

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.... Read more

    Affected Products : moduweb_vision
    • EPSS Score: %0.78
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0862

    General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.... Read more

    • EPSS Score: %19.23
    • Published: Feb. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0861

    General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : ups_snmp_web_adapter_firmware
    • EPSS Score: %10.06
    • Published: Feb. 05, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-1284

    rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.... Read more

    Affected Products : bind
    • EPSS Score: %9.48
    • Published: Feb. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8269

    The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.... Read more

    Affected Products : smart_toy_bear
    • EPSS Score: %0.79
    • Published: Feb. 04, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1906

    Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.... Read more

    Affected Products : kubernetes origin
    • EPSS Score: %1.56
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.7

    HIGH
    CVE-2016-1905

    The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.... Read more

    Affected Products : kubernetes
    • EPSS Score: %0.13
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-1505

    The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.... Read more

    Affected Products : windows radicale
    • EPSS Score: %1.35
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-8748

    Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".... Read more

    Affected Products : radicale
    • EPSS Score: %0.57
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2015-8747

    The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.... Read more

    Affected Products : radicale
    • EPSS Score: %1.81
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-7546

    The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization t... Read more

    Affected Products : solaris keystone keystonemiddleware
    • EPSS Score: %0.10
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2015-7539

    The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %1.04
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7538

    Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.20
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291562 Results