Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-8307

    The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with... Read more

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.05
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-3975

    Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigatio... Read more

    • EPSS Score: %0.66
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.1

    CRITICAL
    CVE-2016-3974

    XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monito... Read more

    • EPSS Score: %35.16
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-3973

    The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pr... Read more

    • EPSS Score: %0.50
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2858

    QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %0.12
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1714

    The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bou... Read more

    Affected Products : openstack qemu linux
    • EPSS Score: %0.16
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0734

    The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRA... Read more

    Affected Products : activemq
    • EPSS Score: %5.99
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2015-8305

    Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.... Read more

    Affected Products : p7_firmware p7
    • EPSS Score: %0.07
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3948

    Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.... Read more

    Affected Products : squid
    • EPSS Score: %27.90
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.2

    HIGH
    CVE-2016-3947

    Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitiv... Read more

    Affected Products : ubuntu_linux squid
    • EPSS Score: %53.87
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-1563

    NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    • EPSS Score: %0.13
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1019

    Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.... Read more

    • Actively Exploited
    • EPSS Score: %79.39
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0888

    EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.... Read more

    Affected Products : documentum_d2
    • EPSS Score: %1.39
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2292

    Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %2.09
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-2291

    Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.... Read more

    • EPSS Score: %1.30
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-2290

    Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %1.43
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.9

    MEDIUM
    CVE-2016-2277

    IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.... Read more

    Affected Products : integrated_architecture_builder
    • EPSS Score: %0.01
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2272

    Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.... Read more

    Affected Products : eg2_web_control
    • EPSS Score: %0.41
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-1346

    The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.... Read more

    • EPSS Score: %0.76
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1313

    Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID ... Read more

    Affected Products : ucs_invicta_c3124sa_appliance
    • EPSS Score: %1.49
    • Published: Apr. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292720 Results