Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-8380

    The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.... Read more

    Affected Products : ilc_plcs_firmware ilc_plcs
    • EPSS Score: %24.34
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8371

    The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.... Read more

    Affected Products : ilc_plcs_firmware ilc_plcs
    • EPSS Score: %24.34
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2016-8366

    Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clea... Read more

    Affected Products : ilc_plcs_firmware ilc_plcs
    • EPSS Score: %11.60
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-8365

    OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versi... Read more

    • EPSS Score: %0.11
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-8220

    Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route.... Read more

    Affected Products : gemfire
    • EPSS Score: %0.32
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-7576

    In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.17
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-7550

    asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).... Read more

    Affected Products : asterisk
    • EPSS Score: %0.12
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-7524

    coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.98
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-7523

    coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.36
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-7475

    Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.... Read more

    • EPSS Score: %0.65
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-7472

    F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.... Read more

    • EPSS Score: %9.12
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7443

    Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.93
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7404

    OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation t... Read more

    Affected Products : magnum
    • EPSS Score: %2.86
    • Published: Jun. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7398

    A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via c... Read more

    Affected Products : ext-http
    • EPSS Score: %5.72
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-7394

    tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.24
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-7151

    Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.... Read more

    Affected Products : capstone
    • EPSS Score: %0.18
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7078

    foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). ... Read more

    Affected Products : foreman
    • EPSS Score: %0.24
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7077

    foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.... Read more

    Affected Products : foreman
    • EPSS Score: %0.18
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-7076

    sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec rest... Read more

    Affected Products : sudo
    • EPSS Score: %0.07
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-7075

    It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 cert... Read more

    Affected Products : openshift kubernetes
    • EPSS Score: %0.29
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results