Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2016-2097

    Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in ...

    Affected Products : rails ruby_on_rails actionpack
    • EPSS Score: %1.28
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2016-1531

    Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument....

    Affected Products : exim
    • EPSS Score: %57.86
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2016-0792

    Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando....

    Affected Products : openshift jenkins
    • EPSS Score: %89.80
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-0791

    Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach....

    Affected Products : openshift jenkins
    • EPSS Score: %0.49
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-0790

    Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach....

    Affected Products : openshift jenkins
    • EPSS Score: %0.12
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-0789

    CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors....

    Affected Products : openshift jenkins
    • EPSS Score: %0.12
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-0788

    The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener....

    Affected Products : openshift jenkins
    • EPSS Score: %37.43
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-2511

    Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php....

    Affected Products : debian_linux websvn
    • EPSS Score: %0.39
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-2216

    The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicod...

    Affected Products : fedora node.js
    • EPSS Score: %1.77
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-2086

    Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header....

    Affected Products : fedora node.js
    • EPSS Score: %0.45
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-0729

    Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) o...

    Affected Products : fedora x14j_firmware
    • EPSS Score: %24.19
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2015-2774

    Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE)....

    Affected Products : opensuse solaris erlang/otp
    • EPSS Score: %0.80
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-2510

    BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler....

    Affected Products : ubuntu_linux debian_linux beanshell
    • EPSS Score: %34.33
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8681

    The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with so...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.05
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8680

    The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.05
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 7.1

    HIGH
    CVE-2015-8679

    The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartpho...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.06
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8319

    Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, a...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.06
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8318

    Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, a...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.06
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8307

    The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.05
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-3975

    Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigatio...

    • EPSS Score: %0.66
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292318 Results