Latest CVE Feed
- 7.0 HIGH CVE-2015-8705
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT d...
- Affected Products: bind
- EPSS Score: 29.18%
- Published: Jan. 20, 2016
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-8704
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
- Affected Products: bind
- EPSS Score: 21.76%
- Published: Jan. 20, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-1296
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.
- Affected Products: web_security_appliance
- EPSS Score: 0.37%
- Published: Jan. 20, 2016
- Modified: Apr. 12, 2025
- 5.5 MEDIUM CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
- Affected Products: glibc
- EPSS Score: 0.06%
- Published: Jan. 20, 2016
- Modified: Apr. 12, 2025
- 5.3 MEDIUM CVE-2015-4951
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web...
- Affected Products: tivoli_storage_manager
- EPSS Score: 0.54%
- Published: Jan. 20, 2016
- Modified: Apr. 12, 2025
- 5.3 MEDIUM CVE-2016-1907
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
- Affected Products: openssh
- EPSS Score: 0.30%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-1904
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function,...
- Affected Products: php
- EPSS Score: 0.30%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 9.1 CRITICAL CVE-2016-1903
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and applicat...
- Affected Products: php
- EPSS Score: 4.06%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2015-8617
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incor...
- Affected Products: php
- EPSS Score: 26.44%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 8.6 HIGH CVE-2015-8616
Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve...
- Affected Products: php
- EPSS Score: 0.68%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-6836
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type ...
- Affected Products: php
- EPSS Score: 1.62%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-6833
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo...
- Affected Products: php
- EPSS Score: 0.45%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-6832
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse...
- Affected Products: php
- EPSS Score: 2.28%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-6831
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, wh...
- EPSS Score: 0.90%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-6527
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.
- Affected Products: php
- EPSS Score: 1.59%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-5590
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large ...
- Affected Products: php
- EPSS Score: 4.40%
- Published: Jan. 19, 2016
- Modified: Apr. 12, 2025
- 5.9 MEDIUM CVE-2016-0201
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
- Affected Products: security_network_protection_firmware
- EPSS Score: 0.36%
- Published: Jan. 18, 2016
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2015-7886
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
- EPSS Score: 0.23%
- Published: Jan. 18, 2016
- Modified: Apr. 12, 2025
- 5.4 MEDIUM CVE-2015-5009
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a c...
- Affected Products: websphere_commerce
- EPSS Score: 0.38%
- Published: Jan. 18, 2016
- Modified: Apr. 12, 2025
- 6.1 MEDIUM CVE-2015-5008
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
- Affected Products: websphere_commerce
- EPSS Score: 0.65%
- Published: Jan. 18, 2016
- Modified: Apr. 12, 2025