Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2016-4398

    A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.

    Affected Products : network_node_manager_i
    • EPSS Score: 20.31%
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2016-4397

    A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.

    Affected Products : network_node_manager_i
    • EPSS Score: 0.23%
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-4392

    A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.

    Affected Products : business_service_management
    • EPSS Score: 0.27%
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-4391

    A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.

    Affected Products : arcsight_winc_connector
    • EPSS Score: 41.61%
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-4289

    A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker...

    Affected Products : gmer
    • EPSS Score: 0.13%
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-3957

    The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.

    Affected Products : web2py
    • EPSS Score: 12.74%
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-3954

    web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.

    Affected Products : web2py
    • EPSS Score: 0.39%
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-3953

    The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.

    Affected Products : web2py
    • EPSS Score: 1.51%
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2016-3952

    web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrati...

    Affected Products : web2py
    • EPSS Score: 0.40%
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-3735

    Piwigo is image gallery software written in PHP. When a criterion is not met on a host, piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an u...

    Affected Products : piwigo
    • EPSS Score: 1.44%
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-3709

    Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

    Affected Products : libxml2
    • EPSS Score: 0.12%
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-3192

    Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.

    Affected Products : cloudera_manager
    • EPSS Score: 0.19%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-3182

    The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

    Affected Products : openjpeg
    • EPSS Score: 0.57%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-3131

    Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

    Affected Products : cdh
    • EPSS Score: 0.15%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-3098

    Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth authorization code.

    Affected Products : administrate
    • EPSS Score: 0.19%
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-2983

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.

    Affected Products : tealeaf_customer_experience
    • EPSS Score: 0.53%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2016-2922

    IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all th...

    Affected Products : rational_clearquest
    • EPSS Score: 0.20%
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-2541

    Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.

    Affected Products : audacity
    • EPSS Score: 0.86%
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-2540

    Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.

    Affected Products : audacity
    • EPSS Score: 0.91%
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2360

    Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.

    • EPSS Score: 0.84%
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291672 Results