Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2016-1776

    Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.

    Affected Products : mac_os_x_server os_x_server
    • EPSS Score: 0.28%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-1775

    TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

    Affected Products : mac_os_x iphone_os tvos watchos
    • EPSS Score: 0.74%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-1774

    The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading ...

    Affected Products : mac_os_x_server os_x_server
    • EPSS Score: 0.32%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 3.3

    LOW
    CVE-2016-1773

    The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 0.05%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-1772

    The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.

    Affected Products : safari
    • EPSS Score: 0.30%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.1

    HIGH
    CVE-2016-1771

    The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.

    Affected Products : safari
    • EPSS Score: 0.48%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-1770

    The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 0.23%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1769

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 4.56%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1768

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 8.57%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1767

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 4.56%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-1766

    The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

    Affected Products : iphone_os
    • EPSS Score: 0.15%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 7.8

    HIGH
    CVE-2016-1765

    otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.

    Affected Products : xcode
    • EPSS Score: 0.06%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-1764

    The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 6.68%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2016-1763

    Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.

    Affected Products : iphone_os
    • EPSS Score: 0.21%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-1762

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

    • EPSS Score: 7.34%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-1761

    libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

    Affected Products : mac_os_x iphone_os watchos
    • EPSS Score: 10.98%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-1759

    The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 0.24%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2016-1758

    The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

    Affected Products : mac_os_x iphone_os
    • EPSS Score: 0.28%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-1757

    Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.

    Affected Products : mac_os_x iphone_os
    • EPSS Score: 58.45%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-1756

    The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

    Affected Products : mac_os_x iphone_os
    • EPSS Score: 0.19%
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025