| | CVE-2016-3082 | Apache | critical | 9.8 | 24.6%
| | XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.2… | Apr 26, 2016 | May 6, 2026 |
| | CVE-2016-3081 | Apache | high | 8.1 | 94.0%
| | Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invo… | Apr 26, 2016 | May 6, 2026 |
| | CVE-2016-3427 | Apache | critical | 9.8 | 94.0%
| ⚠ KEV | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki… | Apr 21, 2016 | Apr 22, 2026 |
| | CVE-2016-2008 | HPE | critical | 9.8 | 13.2%
| | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to … | Apr 21, 2016 | May 6, 2026 |
| | CVE-2016-2007 | HPE | critical | 9.8 | 47.3%
| | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to … | Apr 21, 2016 | May 6, 2026 |
| | CVE-2016-2006 | HPE | critical | 9.8 | 47.3%
| | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to … | Apr 21, 2016 | May 6, 2026 |
| | CVE-2016-2005 | HPE | critical | 9.8 | 47.3%
| | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to … | Apr 21, 2016 | May 6, 2026 |
| | CVE-2016-2004 | HPE | critical | 9.8 | 92.7%
| | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to e… | Apr 21, 2016 | May 6, 2026 |
| | CVE-2016-1364 | Cisco | high | 7.5 | 0.5%
| | Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8… | Apr 21, 2016 | May 6, 2026 |
| | CVE-2015-6360 | Cisco | high | 7.5 | 18.5%
| | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a d… | Apr 21, 2016 | May 6, 2026 |
| | CVE-2016-2003 | HPE | critical | 9.8 | 1.1%
| | HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x… | Apr 20, 2016 | May 6, 2026 |
| | CVE-2015-1776 | Apache | medium | 6.2 | 0.1%
| | Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with… | Apr 19, 2016 | May 6, 2026 |
| | CVE-2016-1340 | Cisco | high | 8.4 | 0.1%
| | Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(… | Apr 16, 2016 | May 6, 2026 |
| | CVE-2016-1339 | Cisco | high | 7.8 | 0.2%
| | Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows lo… | Apr 16, 2016 | May 6, 2026 |
| | CVE-2015-5348 | Apache | high | 8.1 | 6.8%
| | Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) ca… | Apr 15, 2016 | May 6, 2026 |
| | CVE-2016-2076 | VMware | high | 7.6 | 0.4%
| | Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vC… | Apr 15, 2016 | May 6, 2026 |
| | CVE-2015-5343 | Apache | high | 7.6 | 19.1%
| | Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x… | Apr 14, 2016 | May 6, 2026 |
| | CVE-2016-1352 | Cisco | critical | 9.8 | 0.4%
| | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to… | Apr 14, 2016 | May 6, 2026 |
| | CVE-2016-3686 | F5 | medium | 5.9 | 0.5%
| | The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.… | Apr 13, 2016 | May 6, 2026 |
| | CVE-2016-2084 | F5 | high | 7.4 | 0.5%
| | F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build… | Apr 13, 2016 | May 6, 2026 |
| | CVE-2016-2001 | HPE | high | 7.4 | 0.5%
| | HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-1377 | Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attack… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0166 | Microsoft | high | 7.5 | 9.8%
| | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0164 | Microsoft | high | 7.5 | 12.8%
| | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0162 | Microsoft | medium | 4.3 | 38.0%
| ⚠ KEV | Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files… | Apr 12, 2016 | Apr 21, 2026 |
| | CVE-2016-0161 | Microsoft | medium | 6.5 | 23.9%
| | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0160 | Microsoft | high | 7.8 | 1.2%
| | Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges v… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0159 | Microsoft | high | 7.5 | 9.8%
| | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0158 | Microsoft | medium | 6.5 | 18.9%
| | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0157 | Microsoft | high | 7.5 | 12.4%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0156 | Microsoft | high | 7.5 | 18.4%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0155 | Microsoft | high | 7.5 | 16.0%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0154 | Microsoft | high | 7.5 | 16.3%
| | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0148 | Microsoft | high | 7.8 | 8.2%
| | Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain … | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0147 | Microsoft | high | 8.8 | 26.4%
| | Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web … | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0145 | Microsoft | high | 8.8 | 74.8%
| | The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; … | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0139 | Microsoft | high | 7.8 | 30.3%
| | Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbi… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0136 | Microsoft | high | 7.8 | 40.6%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoin… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0127 | Microsoft | high | 7.8 | 29.9%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Com… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0122 | Microsoft | high | 7.8 | 39.9%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 f… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2015-7520 | Apache | medium | 6.1 | 1.4%
| | Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleCh… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2015-5347 | Apache | medium | 6.1 | 1.7%
| | Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicke… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-4003 | Apache | medium | 6.1 | 2.6%
| | Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Ap… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-2162 | Apache | medium | 6.1 | 1.2%
| | Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInter… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0785 | Apache | high | 8.8 | 17.8%
| | Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequen… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-2170 | Apache | critical | 9.8 | 13.6%
| | Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute a… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-2166 | Apache | medium | 6.5 | 0.3%
| | The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnect… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2016-0733 | Apache | critical | 9.8 | 1.7%
| | The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lac… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2015-8021 | F5 | medium | 4.3 | 0.1%
| | Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, AS… | Apr 12, 2016 | May 6, 2026 |
| | CVE-2015-5167 | Apache | medium | 6.5 | 0.2%
| | The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass inte… | Apr 12, 2016 | May 6, 2026 |