| | CVE-2015-3192 | VMware | medium | 5.5 | 1.4%
| | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD decla… | Jul 12, 2016 | May 6, 2026 |
| | CVE-2016-1445 | Cisco | medium | 5.3 | 0.3%
| | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypa… | Jul 12, 2016 | May 6, 2026 |
| | CVE-2016-4463 | Apache | high | 7.5 | 38.3%
| | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to … | Jul 8, 2016 | May 6, 2026 |
| | CVE-2016-1444 | Cisco | medium | 6.5 | 0.1%
| | The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) … | Jul 7, 2016 | May 6, 2026 |
| | CVE-2016-1443 | Cisco | high | 8.1 | 0.4%
| | The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote atta… | Jul 7, 2016 | May 6, 2026 |
| | CVE-2016-1442 | Cisco | high | 8.8 | 0.7%
| | The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authe… | Jul 7, 2016 | May 6, 2026 |
| | CVE-2016-4979 | Apache | high | 7.5 | 17.4%
| | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not prope… | Jul 6, 2016 | May 6, 2026 |
| | CVE-2016-1546 | Apache | medium | 5.9 | 41.5%
| | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of si… | Jul 6, 2016 | May 6, 2026 |
| | CVE-2016-4465 | Apache | medium | 5.3 | 10.4%
| | The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remo… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-4438 | Apache | critical | 9.8 | 62.1%
| | The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitr… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-4433 | Apache | high | 7.5 | 3.5%
| | Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictio… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-4431 | Apache | high | 7.5 | 8.2%
| | Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictio… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-4430 | Apache | high | 8.8 | 1.3%
| | Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers t… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-3092 | Apache | high | 7.5 | 33.9%
| | The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x be… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-1182 | Apache | high | 8.2 | 1.8%
| | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator co… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-1181 | Apache | high | 8.1 | 9.4%
| | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an Actio… | Jul 4, 2016 | May 6, 2026 |
| | CVE-2015-0899 | Apache | high | 7.5 | 69.5%
| | The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers … | Jul 4, 2016 | May 6, 2026 |
| | CVE-2016-2082 | VMware | high | 8.8 | 0.1%
| | Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-2081 | VMware | medium | 6.1 | 0.2%
| | Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 all… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-2079 | VMware | medium | 5.9 | 0.4%
| | VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-1441 | Cisco | high | 8.2 | 0.2%
| | Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allo… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-1394 | Cisco | high | 8.6 | 0.7%
| | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote att… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2015-6931 | VMware | medium | 6.1 | 0.2%
| | Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 befo… | Jul 3, 2016 | May 6, 2026 |
| | CVE-2016-1440 | Cisco | medium | 5.3 | 0.4%
| | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote atta… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-1416 | Cisco | critical | 9.8 | 5.1%
| | Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, w… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-1408 | Cisco | high | 8.8 | 0.4%
| | Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-1289 | Cisco | critical | 9.8 | 2.7%
| | The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM… | Jul 2, 2016 | May 6, 2026 |
| | CVE-2016-5020 | F5 | high | 8.8 | 1.8%
| | F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of… | Jun 30, 2016 | May 6, 2026 |
| | CVE-2016-4472 | Trellix | high | 8.1 | 2.3%
| | The overflow protection in Expat is removed by compilers with certain optimization settings, which a… | Jun 30, 2016 | May 6, 2026 |
| | CVE-2016-5021 | F5 | medium | 4.9 | 0.2%
| | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM … | Jun 24, 2016 | May 6, 2026 |
| | CVE-2016-1439 | Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center… | Jun 23, 2016 | May 6, 2026 |
| | CVE-2016-1437 | Cisco | medium | 6.5 | 0.2%
| | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.… | Jun 23, 2016 | May 6, 2026 |
| | CVE-2016-1436 | Cisco | high | 7.5 | 0.7%
| | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000… | Jun 23, 2016 | May 6, 2026 |
| | CVE-2016-2177 | HPE | critical | 9.8 | 29.1%
| | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which mi… | Jun 20, 2016 | May 6, 2026 |
| | CVE-2016-4371 | HPE | high | 8.0 | 0.1%
| | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authen… | Jun 19, 2016 | May 6, 2026 |
| | CVE-2016-1431 | Cisco | medium | 6.1 | 0.4%
| | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, … | Jun 18, 2016 | May 6, 2026 |
| | CVE-2016-1427 | Cisco | high | 7.5 | 0.3%
| | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.… | Jun 18, 2016 | May 6, 2026 |
| | CVE-2016-3687 | F5 | medium | 5.3 | 0.4%
| | Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 an… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3235 | Microsoft | high | 7.8 | 81.6%
| ⚠ KEV | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Vis… | Jun 16, 2016 | Apr 22, 2026 |
| | CVE-2016-3234 | Microsoft | medium | 5.5 | 27.2%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer,… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3233 | Microsoft | high | 7.3 | 29.8%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers t… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3231 | Microsoft | high | 7.8 | 3.1%
| | The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows l… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3222 | Microsoft | high | 8.8 | 67.5%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3215 | Microsoft | medium | 5.5 | 37.8%
| | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow re… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3214 | Microsoft | high | 8.8 | 22.8%
| | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3213 | Microsoft | high | 8.8 | 78.3%
| | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3212 | Microsoft | medium | 6.1 | 22.4%
| | The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, wh… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3211 | Microsoft | high | 8.8 | 18.5%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3210 | Microsoft | high | 8.8 | 17.9%
| | The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote at… | Jun 16, 2016 | May 6, 2026 |
| | CVE-2016-3207 | Microsoft | high | 7.5 | 13.2%
| | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t… | Jun 16, 2016 | May 6, 2026 |