Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-9021

    Exponent CMS before 2.6.0 has improper input validation in storeController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.61
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8901

    b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.... Read more

    Affected Products : b2evolution
    • EPSS Score: %0.62
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8900

    Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.51
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8899

    Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.51
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8898

    Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.26
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8897

    Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.26
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8786

    Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C... Read more

    • EPSS Score: %0.22
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8785

    Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malfor... Read more

    • EPSS Score: %0.10
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8784

    Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some para... Read more

    • EPSS Score: %0.07
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-8783

    Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, ... Read more

    • EPSS Score: %0.06
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-8782

    Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper v... Read more

    • EPSS Score: %0.13
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-8750

    Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.... Read more

    Affected Products : karaf
    • EPSS Score: %1.51
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8742

    The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for t... Read more

    Affected Products : couchdb windows
    • EPSS Score: %0.44
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8732

    Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the pr... Read more

    Affected Products : invincea_dell_protected_workspace
    • EPSS Score: %0.06
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-8730

    An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An ... Read more

    Affected Products : coreldraw_photo_paint_x8
    • EPSS Score: %0.20
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8729

    An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can speci... Read more

    Affected Products : mupdf
    • EPSS Score: %0.53
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2016-8728

    An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading ... Read more

    Affected Products : mupdf
    • EPSS Score: %0.59
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-8717

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attacke... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • EPSS Score: %0.37
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8657

    It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init ... Read more

    • EPSS Score: %0.06
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-8656

    Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.... Read more

    • EPSS Score: %0.06
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results