Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2016-6589

    A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.... Read more

    Affected Products : it_management_suite
    • EPSS Score: %0.77
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-6588

    A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.... Read more

    Affected Products : it_management_suite
    • EPSS Score: %0.47
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-6587

    An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.... Read more

    Affected Products : norton_mobile_security
    • EPSS Score: %0.13
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-6586

    A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.... Read more

    Affected Products : norton_mobile_security
    • EPSS Score: %0.84
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-6585

    A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.... Read more

    Affected Products : norton_mobile_security
    • EPSS Score: %0.94
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-6578

    CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced ... Read more

    Affected Products : filecloud
    • EPSS Score: %0.10
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6567

    SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify tha... Read more

    Affected Products : resident_download_manager
    • EPSS Score: %1.25
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6566

    The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POS... Read more

    Affected Products : etrakit3
    • EPSS Score: %14.22
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-6565

    The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbit... Read more

    Affected Products : nextgen_gallery
    • EPSS Score: %1.73
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-6564

    Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This ... Read more

    • EPSS Score: %0.43
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6563

    Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following prod... Read more

    • EPSS Score: %87.96
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-6562

    On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive ... Read more

    Affected Products : shortel_mobility_client
    • EPSS Score: %0.12
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6559

    Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used b... Read more

    Affected Products : freebsd
    • EPSS Score: %1.05
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6558

    A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be execute... Read more

    • EPSS Score: %4.24
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-6557

    In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the s... Read more

    • EPSS Score: %0.10
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2016-6556

    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when ... Read more

    Affected Products : opennms
    • EPSS Score: %0.30
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2016-6555

    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the ... Read more

    Affected Products : opennms
    • EPSS Score: %0.30
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6554

    Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vu... Read more

    • EPSS Score: %1.83
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6553

    Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.... Read more

    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6552

    Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.... Read more

    Affected Products : dx-350_firmware dx-350
    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results