Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2016-1899

    CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter...

    Affected Products: fedora cgit cgit
    • EPSS Score: 0.65%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-1867

    The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

    Affected Products: jasper
    • EPSS Score: 0.46%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2015-5516

    Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 a...

    • EPSS Score: 1.62%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2015-5295

    The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via t...

    • EPSS Score: 1.64%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 7.0

    HIGH
    CVE-2015-8705

    buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT d...

    Affected Products: bind
    • EPSS Score: 29.18%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 6.8

    MEDIUM
    CVE-2015-8704

    apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

    Affected Products: bind
    • EPSS Score: 21.76%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-1296

    The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

    Affected Products: web_security_appliance
    • EPSS Score: 0.37%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2015-8777

    The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

    Affected Products: glibc
    • EPSS Score: 0.06%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2015-4951

    Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web...

    Affected Products: tivoli_storage_manager
    • EPSS Score: 0.54%
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1907

    The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

    Affected Products: openssh
    • EPSS Score: 0.30%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-1904

    Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function,...

    Affected Products: php
    • EPSS Score: 0.30%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 9.1

    CRITICAL
    CVE-2016-1903

    The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and applicat...

    Affected Products: php
    • EPSS Score: 4.06%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-8617

    Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incor...

    Affected Products: php
    • EPSS Score: 26.44%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 8.6

    HIGH
    CVE-2015-8616

    Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve...

    Affected Products: php
    • EPSS Score: 0.68%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6836

    The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type ...

    Affected Products: php
    • EPSS Score: 1.62%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6833

    Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo...

    Affected Products: php
    • EPSS Score: 0.45%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6832

    Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse...

    Affected Products: php
    • EPSS Score: 2.28%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6831

    Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, wh...

    Affected Products: debian_linux php
    • EPSS Score: 0.90%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-6527

    The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.

    Affected Products: php
    • EPSS Score: 1.59%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2015-5590

    Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large ...

    Affected Products: php
    • EPSS Score: 4.40%
    • Published: Jan. 19, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291551 Results