| | CVE-2016-2079 |  VMware | medium | 5.9 | 0.4%
| | VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-1441 |  Cisco | high | 8.2 | 0.2%
| | Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allo… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-1394 | Cisco | high | 8.6 | 0.7%
| | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote att… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2015-6931 | VMware | medium | 6.1 | 0.2%
| | Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 befo… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-1440 | Cisco | medium | 5.3 | 0.4%
| | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote atta… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-1416 | Cisco | critical | 9.8 | 5.1%
| | Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, w… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-1408 | Cisco | high | 8.8 | 0.4%
| | Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-1289 | Cisco | critical | 9.8 | 2.7%
| | The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-5020 |  F5 | high | 8.8 | 1.8%
| | F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of… | Jun 30, 2016 | May 6, 2026 |
| | CVE-2016-4472 |  Trellix | high | 8.1 | 2.3%
| | The overflow protection in Expat is removed by compilers with certain optimization settings, which a… | Jun 30, 2016 | May 6, 2026 |
| | CVE-2016-5021 | F5 | medium | 4.9 | 0.2%
| | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM … | Jun 24, 2016 | May 6, 2026 |
| | CVE-2016-1439 | Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center… | Jun 23, 2016 | May 6, 2026 |
| | CVE-2016-1437 | Cisco | medium | 6.5 | 0.2%
| | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.… | Jun 23, 2016 | May 6, 2026 |
| | CVE-2016-1436 | Cisco | high | 7.5 | 0.7%
| | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000… | Jun 23, 2016 | May 6, 2026 |
| | CVE-2016-2177 |  HPE | critical | 9.8 | 29.1%
| | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which mi… | Jun 20, 2016 | May 6, 2026 |
| | CVE-2016-4371 | HPE | high | 8.0 | 0.1%
| | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authen… | Jun 19, 2016 | May 6, 2026 |
| | CVE-2016-1431 | Cisco | medium | 6.1 | 0.4%
| | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, … | Jun 18, 2016 | May 6, 2026 |
| | CVE-2016-1427 | Cisco | high | 7.5 | 0.3%
| | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.… | Jun 18, 2016 | May 6, 2026 |
| | CVE-2016-3687 | F5 | medium | 5.3 | 0.4%
| | Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 an… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3235 |  Microsoft | high | 7.8 | 81.6%
| ⚠ KEV | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Vis… | Jun 16, 2016 | Apr 22, 2026 |
| | CVE-2016-3234 | Microsoft | medium | 5.5 | 27.2%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer,… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3233 | Microsoft | high | 7.3 | 29.8%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers t… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3231 | Microsoft | high | 7.8 | 3.1%
| | The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows l… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3222 | Microsoft | high | 8.8 | 67.5%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3215 | Microsoft | medium | 5.5 | 37.8%
| | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow re… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3214 | Microsoft | high | 8.8 | 22.8%
| | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3213 | Microsoft | high | 8.8 | 78.3%
| | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3212 | Microsoft | medium | 6.1 | 22.4%
| | The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, wh… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3211 | Microsoft | high | 8.8 | 18.5%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3210 | Microsoft | high | 8.8 | 17.9%
| | The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote at… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3207 | Microsoft | high | 7.5 | 13.2%
| | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3206 | Microsoft | high | 7.5 | 14.9%
| | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3205 | Microsoft | high | 7.5 | 14.9%
| | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3203 | Microsoft | high | 7.8 | 49.2%
| | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3202 | Microsoft | high | 7.5 | 14.9%
| | The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Int… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3201 | Microsoft | medium | 6.5 | 30.6%
| | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3199 | Microsoft | high | 8.8 | 19.2%
| | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3198 | Microsoft | medium | 6.5 | 34.9%
| | Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechan… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-0200 | Microsoft | high | 8.8 | 14.0%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-0199 | Microsoft | high | 8.8 | 70.1%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-0028 | Microsoft | medium | 5.5 | 21.1%
| | Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-0025 | Microsoft | high | 7.3 | 26.9%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 201… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-2174 |  Apache | high | 7.2 | 0.6%
| | SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote aut… | Jun 13, 2016 | May 6, 2026 |
| | CVE-2016-3085 | Apache | medium | 6.5 | 0.3%
| | Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before… | Jun 10, 2016 | May 6, 2026 |
| | CVE-2016-4448 |  Tenable | critical | 9.8 | 1.2%
| | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via … | Jun 9, 2016 | May 6, 2026 |
| | CVE-2016-4447 | Trellix | high | 7.5 | 2.1%
| | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attack… | Jun 9, 2016 | May 6, 2026 |
| | CVE-2016-4369 | HPE | high | 8.8 | 0.5%
| | HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2… | Jun 8, 2016 | May 6, 2026 |
| | CVE-2016-4368 | HPE | critical | 9.8 | 1.2%
| | HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and … | Jun 8, 2016 | May 6, 2026 |
| | CVE-2016-4367 | HPE | high | 7.5 | 1.5%
| | The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 … | Jun 8, 2016 | May 6, 2026 |
| | CVE-2016-4366 | HPE | critical | 9.8 | 2.4%
| | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive informati… | Jun 8, 2016 | May 6, 2026 |