Latest CVE Feed
- 7.5 HIGH CVE-2016-4061
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-4060
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 7.8 HIGH CVE-2016-4059
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 5.4 MEDIUM CVE-2016-1596
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_...
Affected Products: service_desk
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2016-1595
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName...
Affected Products: service_desk
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
Affected Products: service_desk
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data ...
Affected Products: service_desk
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 4.6 MEDIUM CVE-2016-3145
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive informa...
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-2354
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle...
Affected Products: bluedriver
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 7.8 HIGH CVE-2016-2306
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 6.1 MEDIUM CVE-2016-2305
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2016-2304
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 5.3 MEDIUM CVE-2016-2303
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 5.3 MEDIUM CVE-2016-2302
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2016-2301
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2016-2300
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Affected Products: integraxor
- Published: Apr. 22, 2016
- Modified: Apr. 12, 2025
- 5.5 MEDIUM CVE-2016-3977
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
- Published: Apr. 21, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-3190
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
- Published: Apr. 21, 2016
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2013-7449
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an a...
- Published: Apr. 21, 2016
- Modified: Apr. 12, 2025