Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-7537

    Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.... Read more

    Affected Products : openshift jenkins
    • EPSS Score: %0.18
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-7536

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.... Read more

    Affected Products : jenkins
    • EPSS Score: %0.21
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-5344

    The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.... Read more

    Affected Products : camel
    • EPSS Score: %4.97
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2213

    The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.68
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2199

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators... Read more

    Affected Products : vulnerability_manager
    • EPSS Score: %0.12
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2049

    examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of ar... Read more

    Affected Products : php-openid
    • EPSS Score: %0.40
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8783

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.... Read more

    Affected Products : debian_linux libtiff
    • EPSS Score: %0.66
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8782

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.... Read more

    Affected Products : debian_linux libtiff
    • EPSS Score: %1.56
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-8781

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.... Read more

    Affected Products : debian_linux libtiff
    • EPSS Score: %2.09
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2015-8265

    Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spo... Read more

    • EPSS Score: %0.57
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-1730

    WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.27
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1729

    Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.49
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-1728

    The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history informati... Read more

    Affected Products : iphone_os safari
    • EPSS Score: %0.76
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1727

    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.... Read more

    Affected Products : iphone_os tvos watchos safari webkitgtk\+
    • EPSS Score: %1.02
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1726

    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.... Read more

    Affected Products : iphone_os watchos safari
    • EPSS Score: %1.70
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1725

    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.... Read more

    Affected Products : iphone_os watchos safari
    • EPSS Score: %1.70
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1724

    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.... Read more

    Affected Products : iphone_os tvos watchos safari webkitgtk\+
    • EPSS Score: %1.01
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1723

    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.... Read more

    Affected Products : iphone_os watchos safari
    • EPSS Score: %1.70
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-1722

    syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.08
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-1721

    The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.24
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291562 Results