Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2016-2570

    The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML docume...

    Affected Products : squid
    • EPSS Score: 6.03%
    • Published: Feb. 27, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-2569

    Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header....

    Affected Products : squid
    • EPSS Score: 67.99%
    • Published: Feb. 27, 2016
    • Modified: Apr. 12, 2025
  • 8.5

    HIGH
    CVE-2015-7262

    QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot...

    Affected Products : signage_station iartist_lite
    • EPSS Score: 0.32%
    • Published: Feb. 27, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-7261

    The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21....

    Affected Products : signage_station iartist_lite
    • EPSS Score: 0.38%
    • Published: Feb. 27, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6036

    QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request....

    Affected Products : signage_station sinage_station
    • EPSS Score: 0.35%
    • Published: Feb. 27, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2015-6022

    Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL....

    Affected Products : signage_station
    • EPSS Score: 0.56%
    • Published: Feb. 27, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1342

    The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654....

    • EPSS Score: 0.23%
    • Published: Feb. 26, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-1297

    The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST ...

    • EPSS Score: 0.61%
    • Published: Feb. 26, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-0763

    The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which a...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 0.22%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2016-0714

    The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 3.87%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-0706

    Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenti...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 0.42%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2015-5351

    The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection ...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 3.70%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2015-5346

    Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijac...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 39.28%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2015-5345

    The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a d...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 32.11%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-5174

    Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (sla...

    Affected Products : ubuntu_linux debian_linux tomcat
    • EPSS Score: 0.25%
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-2542

    Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file....

    Affected Products : installshield
    • EPSS Score: 0.16%
    • Published: Feb. 24, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-1341

    Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079....

    Affected Products : nx-os nx-os
    • EPSS Score: 0.28%
    • Published: Feb. 24, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-8277

    Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a....

    Affected Products : flexnet_publisher
    • EPSS Score: 75.56%
    • Published: Feb. 24, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-8805

    The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vect...

    Affected Products : ubuntu_linux leap opensuse nettle
    • EPSS Score: 1.20%
    • Published: Feb. 23, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2015-8804

    x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors....

    Affected Products : ubuntu_linux leap opensuse nettle
    • EPSS Score: 11.88%
    • Published: Feb. 23, 2016
    • Modified: Apr. 12, 2025