Latest CVE Feed
- 8.8 HIGH | CVE-2016-9577
  A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
  - EPSS Score: 3.86%
  - Published: Jul. 27, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM | CVE-2016-9575
  Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profil...
  - Affected Products: freeipa
  - EPSS Score: 0.27%
  - Published: Mar. 13, 2018
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM | CVE-2016-9574
  nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
  - Affected Products: network_security_services
  - EPSS Score: 0.18%
  - Published: Jul. 19, 2018
  - Modified: Nov. 21, 2024
- 8.1 HIGH | CVE-2016-9573
  An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
  - EPSS Score: 1.41%
  - Published: Aug. 01, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM | CVE-2016-9572
  A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a ...
  - EPSS Score: 1.77%
  - Published: Aug. 01, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH | CVE-2016-9570
  cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
  - Affected Products: carbon_black
  - EPSS Score: 0.39%
  - Published: Feb. 12, 2018
  - Modified: Nov. 21, 2024
- 4.9 MEDIUM | CVE-2016-9569
  The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.
  - Affected Products: carbon_black
  - EPSS Score: 0.13%
  - Published: Feb. 12, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH | CVE-2016-9568
  A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
  - Affected Products: carbon_black
  - EPSS Score: 0.72%
  - Published: Feb. 19, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM | CVE-2016-9500
  Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.
  - Affected Products: ftp_server
  - EPSS Score: 0.74%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM | CVE-2016-9499
  Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
  - Affected Products: ftp_server
  - EPSS Score: 0.51%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH | CVE-2016-9498
  ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as we...
  - Affected Products: manageengine_applications_manager
  - EPSS Score: 71.20%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH | CVE-2016-9497
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unau...
  - Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  - EPSS Score: 3.88%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM | CVE-2016-9496
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.
  - Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  - EPSS Score: 2.44%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH | CVE-2016-9495
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.
  - Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  - EPSS Score: 0.22%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM | CVE-2016-9494
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to proper...
  - Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  - EPSS Score: 0.24%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM | CVE-2016-9493
  The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not in...
  - Affected Products: php_formmail_generator
  - EPSS Score: 0.21%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL | CVE-2016-9492
  The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This ...
  - Affected Products: php_formmail_generator
  - EPSS Score: 0.83%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 6.8 MEDIUM | CVE-2016-9491
  ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager...
  - Affected Products: manageengine_applications_manager
  - EPSS Score: 0.81%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM | CVE-2016-9490
  ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?R...
  - EPSS Score: 0.85%
  - Published: Jun. 05, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH | CVE-2016-9489
  In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change...
  - Affected Products: manageengine_applications_manager
  - EPSS Score: 0.36%
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024