Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-10971

    The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.... Read more

    Affected Products : membersonic
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15011

    A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulatio... Read more

    Affected Products : dssp
    • Published: Jan. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1928

    Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.... Read more

    Affected Products : hana
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2231

    The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device ... Read more

    Affected Products : mt882 mt882_firmware
    • Published: Feb. 15, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-10075

    The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.... Read more

    Affected Products : karo
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-3745

    Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obt... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4522

    SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : factorytalk_energrymetrix
    • Published: Jul. 28, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6095

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6829

    The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access ... Read more

    Affected Products : barclamp-trove crowbar-openstack
    • Published: Dec. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7400

    Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, o... Read more

    Affected Products : exponent_cms
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-2000

    The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : jumio_sdk
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8347

    An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.... Read more

    Affected Products : webdatorcentral
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6164

    Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.... Read more

    Affected Products : ffmpeg
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8900

    Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.... Read more

    Affected Products : exponent_cms
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9176

    Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.... Read more

    Affected Products : rumba
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9303

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9492

    The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This ... Read more

    Affected Products : php_formmail_generator
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9835

    Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.... Read more

    Affected Products : zikula_application_framework
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-0905

    The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of A... Read more

    Affected Products : recurly_client_ruby
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-0909

    The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.... Read more

    Affected Products : private_address_check
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294068 Results