Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by vulnerability severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2016-0738

    OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrup...

    Affected Products: swift
    • EPSS Score: 5.80%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-0737

    OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

    Affected Products: swift
    • EPSS Score: 5.80%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-8773

    Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.

    Affected Products: file_lock
    • EPSS Score: 0.29%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 9.1

    CRITICAL
    CVE-2015-8772

    McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ...

    Affected Products: file_lock
    • EPSS Score: 0.49%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 8.3

    HIGH
    CVE-2015-7521

    The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level opera...

    Affected Products: hive
    • EPSS Score: 0.40%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1882

    FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.

    Affected Products: freebsd
    • EPSS Score: 0.47%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1879

    The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer derefere...

    Affected Products: freebsd
    • EPSS Score: 19.79%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-8794

    Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo han...

    Affected Products: roundcube_webmail
    • EPSS Score: 0.29%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2015-8793

    Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different v...

    Affected Products: webmail roundcube_webmail
    • EPSS Score: 0.28%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2015-8792

    The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

    Affected Products: leap opensuse libmatroska
    • EPSS Score: 0.31%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-8791

    The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.

    Affected Products: libebml
    • EPSS Score: 0.34%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-8790

    The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.

    Affected Products: libebml
    • EPSS Score: 0.54%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2015-8789

    Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML d...

    Affected Products: libebml
    • EPSS Score: 0.38%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-8770

    Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute ar...

    Affected Products: roundcube_webmail
    • EPSS Score: 23.36%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-7464

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builde...

    Affected Products: jazz_reporting_service
    • EPSS Score: 0.87%
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-0868

    Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.

    • EPSS Score: 0.21%
    • Published: Jan. 28, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-1300

    Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.

    Affected Products: unity_connection
    • EPSS Score: 0.25%
    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1299

    The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.

    • EPSS Score: 0.30%
    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-6421

    cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and dev...

    Affected Products: wide_area_application_services
    • EPSS Score: 0.53%
    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6319

    SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.

    • EPSS Score: 0.81%
    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025