Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2009-2197

    Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.

    Affected Products : safari
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2016-3116

    CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

    Affected Products : dropbear_ssh dropbear_ssh_server
    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025
  • 6.4

    MEDIUM
    CVE-2016-3115

    Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_r...

    Affected Products : openssh vm_server
    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-1998

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

    Affected Products : service_manager
    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-1997

    HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2015-7454

    Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenti...

    • Published: Mar. 21, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-2245

    HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

    Affected Products : support_assistant
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-0283

    Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

    Affected Products : websphere_application_server
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025
  • 6.1

    MEDIUM
    CVE-2016-2287

    Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : 442sr_os 442sr
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2015-2286

    lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim...

    Affected Products : open_edx
    • Published: Mar. 19, 2016
    • Modified: Apr. 12, 2025
  • 3.6

    LOW
    CVE-2016-3155

    Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.

    Affected Products : apogee_insight
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 7.2

    HIGH
    CVE-2016-2281

    Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

    Affected Products : panel_builder_800
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2015-8154

    The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permission...

    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.8

    HIGH
    CVE-2015-8153

    SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

    Affected Products : endpoint_protection_manager
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.5

    HIGH
    CVE-2015-8152

    Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to...

    Affected Products : endpoint_protection_manager
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 9.0

    HIGH
    CVE-2014-9768

    IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of ava...

    Affected Products : tivoli_netview_access_services
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 7.7

    HIGH
    CVE-2016-1996

    HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-1995

    HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-1994

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
  • 8.1

    HIGH
    CVE-2016-1993

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

    Affected Products : system_management_homepage
    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292802 Results