Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-2359

    Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.... Read more

    • EPSS Score: %0.63
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2358

    Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.... Read more

    • EPSS Score: %0.84
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2357

    Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.... Read more

    • EPSS Score: %0.84
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2356

    Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.... Read more

    • EPSS Score: %3.51
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2338

    An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as ele... Read more

    Affected Products : ruby debian_linux
    • EPSS Score: %11.84
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-2169

    Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and rec... Read more

    • EPSS Score: %0.24
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2016-2139

    In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.... Read more

    Affected Products : kippo-graph
    • EPSS Score: %0.19
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2016-2138

    In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.... Read more

    Affected Products : kippo-graph
    • EPSS Score: %0.19
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-2125

    It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other ser... Read more

    • EPSS Score: %12.78
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-2124

    A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.... Read more

    • EPSS Score: %0.60
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-2123

    A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any ... Read more

    Affected Products : samba
    • EPSS Score: %1.47
    • Published: Nov. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-2121

    A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.... Read more

    Affected Products : openstack
    • EPSS Score: %0.07
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-2120

    An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that rec... Read more

    Affected Products : debian_linux authoritative recursor
    • EPSS Score: %0.13
    • Published: Nov. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-2032

    A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP po... Read more

    Affected Products : arubaos airwave aruba_instant
    • EPSS Score: %2.17
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2031

    Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive... Read more

    • EPSS Score: %0.97
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20018

    Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.... Read more

    Affected Products : knex
    • EPSS Score: %0.25
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20014

    In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.... Read more

    Affected Products : pam_tacplus
    • EPSS Score: %0.30
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20013

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.... Read more

    Affected Products : sha256crypt sha512crypt
    • EPSS Score: %0.20
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-20012

    OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combinatio... Read more

    • EPSS Score: %25.27
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20011

    libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.... Read more

    Affected Products : libgrss
    • EPSS Score: %0.36
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291672 Results