Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-3978

    The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect... Read more

    Affected Products : fortios
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3188

    The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, ... Read more

    Affected Products : prepopulate
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3187

    The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter.... Read more

    Affected Products : prepopulate
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3154

    The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized obj... Read more

    Affected Products : spip
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3153

    SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.... Read more

    Affected Products : debian_linux spip
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2324

    Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.... Read more

    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2315

    revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.... Read more

    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-6541

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP... Read more

    Affected Products : zimbra_collaboration_server
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-8840

    The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcont... Read more

    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3976

    Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.... Read more

    • Actively Exploited
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2851

    Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based... Read more

    Affected Products : debian_linux leap opensuse libotr
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2789

    Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : xenmobile_server
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2563

    Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size respons... Read more

    Affected Products : putty kitty
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-2098

    Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.... Read more

    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-2097

    Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in ... Read more

    Affected Products : rails ruby_on_rails actionpack
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-1531

    Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.... Read more

    Affected Products : exim
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0792

    Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.... Read more

    Affected Products : openshift jenkins
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0791

    Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.... Read more

    Affected Products : openshift jenkins
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0790

    Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.... Read more

    Affected Products : openshift jenkins
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-0789

    CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.... Read more

    Affected Products : openshift jenkins
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293352 Results