Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-20018

    Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.... Read more

    Affected Products : knex
    • EPSS Score: %0.25
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20014

    In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.... Read more

    Affected Products : pam_tacplus
    • EPSS Score: %0.30
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20013

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.... Read more

    Affected Products : sha256crypt sha512crypt
    • EPSS Score: %0.20
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-20012

    OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combinatio... Read more

    • EPSS Score: %25.27
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20011

    libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.... Read more

    Affected Products : libgrss
    • EPSS Score: %0.36
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-20010

    EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.... Read more

    Affected Products : image_optimizer
    • EPSS Score: %6.83
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20009

    A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    • EPSS Score: %0.42
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20008

    The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.32
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20007

    The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.28
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20006

    The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.33
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20005

    The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.36
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20004

    The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.36
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-20003

    The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.32
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20002

    The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.36
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20001

    The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.36
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-1600

    The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.... Read more

    Affected Products : identity_manager identity_manager
    • EPSS Score: %0.32
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-1587

    The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but mali... Read more

    Affected Products : snapweb
    • EPSS Score: %0.28
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-1586

    A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.... Read more

    Affected Products : oxide
    • EPSS Score: %0.18
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-1584

    In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.... Read more

    Affected Products : unity8
    • EPSS Score: %0.24
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1579

    UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any con... Read more

    Affected Products : ubuntu_download_manager
    • EPSS Score: %0.20
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results