Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-0964

    Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to ... Read more

    • EPSS Score: %43.25
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0958

    Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.... Read more

    • EPSS Score: %0.64
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0957

    Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.... Read more

    • EPSS Score: %91.10
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0956

    The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    • EPSS Score: %13.28
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0955

    Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.... Read more

    • EPSS Score: %0.33
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0953

    Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-09... Read more

    Affected Products : photoshop_cc mac_os_x windows bridge_cc
    • EPSS Score: %17.55
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0952

    Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-09... Read more

    Affected Products : photoshop_cc mac_os_x windows bridge_cc
    • EPSS Score: %17.55
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0951

    Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-09... Read more

    Affected Products : photoshop_cc mac_os_x windows bridge_cc
    • EPSS Score: %17.55
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0950

    Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.... Read more

    Affected Products : connect
    • EPSS Score: %0.73
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0949

    Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.... Read more

    Affected Products : connect
    • EPSS Score: %2.40
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0948

    Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : connect
    • EPSS Score: %0.29
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2015-7680

    Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.... Read more

    Affected Products : moveit_dmz
    • EPSS Score: %0.03
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-7679

    Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.... Read more

    Affected Products : moveit_mobile
    • EPSS Score: %0.01
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-7678

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.... Read more

    Affected Products : moveit_mobile
    • EPSS Score: %0.01
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7677

    The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEit... Read more

    Affected Products : moveit_dmz
    • EPSS Score: %0.02
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7675

    The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (... Read more

    Affected Products : moveit_dmz moveit_mobile
    • EPSS Score: %0.02
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0084

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."... Read more

    Affected Products : edge
    • EPSS Score: %17.94
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0080

    Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."... Read more

    Affected Products : edge
    • EPSS Score: %15.16
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0077

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • EPSS Score: %9.36
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0072

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • EPSS Score: %14.03
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291741 Results