| | CVE-2016-3390 |  Microsoft | high | 7.5 | 20.5%
| | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to… | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3389 | Microsoft | high | 7.5 | 16.8%
| | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3388 | Microsoft | medium | 5.3 | 47.2%
| | Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3387 | Microsoft | high | 7.5 | 33.3%
| | Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3386 | Microsoft | high | 7.5 | 75.9%
| | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3385 | Microsoft | high | 7.5 | 14.9%
| | The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3384 | Microsoft | high | 7.5 | 16.3%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3383 | Microsoft | high | 7.5 | 14.5%
| | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d… | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3382 | Microsoft | high | 7.5 | 17.8%
| | The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote at… | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3331 | Microsoft | high | 7.5 | 17.8%
| | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code o… | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3298 | Microsoft | medium | 6.5 | 27.7%
| ⚠ KEV | Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Window… | Oct 14, 2016 | Apr 22, 2026 |
| | CVE-2016-3267 | Microsoft | medium | 5.3 | 18.4%
| | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3263 | Microsoft | medium | 5.5 | 19.1%
| | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3262 | Microsoft | medium | 5.5 | 19.1%
| | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-3209 | Microsoft | medium | 5.5 | 19.2%
| | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 … | Oct 14, 2016 | May 6, 2026 |
| | CVE-2016-6325 |  Apache | high | 7.8 | 0.1%
| | The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss E… | Oct 13, 2016 | May 6, 2026 |
| | CVE-2016-5425 | Apache | high | 7.8 | 11.6%
| | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly … | Oct 13, 2016 | May 6, 2026 |
| | CVE-2016-6436 |  Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco… | Oct 6, 2016 | May 6, 2026 |
| | CVE-2016-6435 | Cisco | medium | 6.5 | 55.0%
| | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read… | Oct 6, 2016 | May 6, 2026 |
| | CVE-2016-6434 | Cisco | high | 7.8 | 0.4%
| | Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users… | Oct 6, 2016 | May 6, 2026 |
| | CVE-2016-6433 | Cisco | high | 8.8 | 69.7%
| | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote… | Oct 6, 2016 | May 6, 2026 |
| | CVE-2016-6427 | Cisco | high | 8.8 | 0.1%
| | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 th… | Oct 6, 2016 | May 6, 2026 |
| | CVE-2016-6425 | Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9… | Oct 6, 2016 | May 6, 2026 |
| | CVE-2016-6426 | Cisco | high | 7.5 | 0.2%
| | The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-6418 | Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-6417 | Cisco | high | 8.8 | 0.1%
| | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-6416 | Cisco | medium | 5.9 | 0.9%
| | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-0… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-7561 |  Fortinet | high | 7.2 | 0.3%
| | Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow admin… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-7560 | Fortinet | critical | 9.8 | 2.6%
| | The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, an… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-5745 |  F5 | critical | 9.8 | 3.9%
| | F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 bef… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-6420 | Cisco | medium | 6.5 | 0.0%
| | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote au… | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-6419 | Cisco | high | 7.5 | 0.5%
| | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote … | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-4390 |  HPE | high | 8.1 | 2.0%
| | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code … | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-4389 | HPE | high | 8.1 | 2.0%
| | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code … | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-4388 | HPE | high | 8.1 | 2.2%
| | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code … | Oct 5, 2016 | May 6, 2026 |
| | CVE-2016-4387 | HPE | high | 8.1 | 2.0%
| | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code … | Oct 5, 2016 | May 6, 2026 |
| | CVE-2015-1832 | Apache | critical | 9.1 | 0.8%
| | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, whe… | Oct 3, 2016 | May 6, 2026 |
| | CVE-2016-5019 | Apache | critical | 9.8 | 6.0%
| | CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x… | Oct 3, 2016 | May 6, 2026 |
| | CVE-2016-5700 | F5 | critical | 9.8 | 5.6%
| | Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, … | Oct 3, 2016 | May 6, 2026 |
| | CVE-2016-4436 | Apache | critical | 9.8 | 5.7%
| | Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via … | Oct 3, 2016 | May 6, 2026 |
| | CVE-2016-1240 | Apache | high | 7.8 | 22.1%
| | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.… | Oct 3, 2016 | May 6, 2026 |
| | CVE-2016-4386 | HPE | high | 7.8 | 0.1%
| | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified… | Sep 29, 2016 | May 6, 2026 |
| | CVE-2016-4385 | HPE | high | 7.3 | 3.7%
| | The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x be… | Sep 29, 2016 | May 6, 2026 |
| | CVE-2016-7191 | Microsoft | high | 8.1 | 3.8%
| | The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2… | Sep 28, 2016 | May 6, 2026 |
| | CVE-2016-4978 | Apache | high | 7.2 | 1.4%
| | The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis br… | Sep 27, 2016 | May 6, 2026 |
| | CVE-2016-6306 | HPE | medium | 5.9 | 8.1%
| | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers… | Sep 26, 2016 | May 6, 2026 |
| | CVE-2016-5395 | Apache | medium | 4.8 | 0.1%
| | Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool i… | Sep 26, 2016 | May 6, 2026 |
| | CVE-2016-6413 | Cisco | high | 7.8 | 0.1%
| | The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(… | Sep 24, 2016 | May 6, 2026 |
| | CVE-2016-6411 | Cisco | high | 7.5 | 0.2%
| | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between … | Sep 24, 2016 | May 6, 2026 |
| | CVE-2016-6408 | Cisco | high | 7.5 | 0.4%
| | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containin… | Sep 24, 2016 | May 6, 2026 |