Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2016-3709

    Possible cross-site scripting vulnerability in libxml after commit 960f0e2....

    Affected Products: libxml2
    • EPSS Score: 0.12%
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-3192

    Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files....

    Affected Products: cloudera_manager
    • EPSS Score: 0.19%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-3182

    The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file....

    Affected Products: openjpeg
    • EPSS Score: 0.57%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-3131

    Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls....

    Affected Products: cdh
    • EPSS Score: 0.15%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-3098

    Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth authorization code....

    Affected Products: administrate
    • EPSS Score: 0.19%
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-2983

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999....

    Affected Products: tealeaf_customer_experience
    • EPSS Score: 0.53%
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2016-2922

    IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all th...

    Affected Products: rational_clearquest
    • EPSS Score: 0.20%
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-2541

    Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file....

    Affected Products: audacity
    • EPSS Score: 0.86%
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-2540

    Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure....

    Affected Products: audacity
    • EPSS Score: 0.91%
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2360

    Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations....

    • EPSS Score: 0.84%
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2359

    Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource....

    • EPSS Score: 0.63%
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2358

    Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts....

    • EPSS Score: 0.84%
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2357

    Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory....

    • EPSS Score: 0.84%
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2356

    Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password....

    • EPSS Score: 3.51%
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-2338

    An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as ele...

    Affected Products: ruby debian_linux
    • EPSS Score: 11.84%
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-2169

    Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and rec...

    • EPSS Score: 0.24%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2016-2139

    In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php....

    Affected Products: kippo-graph
    • EPSS Score: 0.19%
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2016-2138

    In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php....

    Affected Products: kippo-graph
    • EPSS Score: 0.19%
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-2125

    It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other ser...

    • EPSS Score: 12.78%
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2016-2124

    A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required....

    • EPSS Score: 0.60%
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results