Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-15034

    A vulnerability was found in Dynacase Webdesk and classified as critical. Affected by this issue is the function freedomrss_search of the file freedomrss_search.php. The manipulation leads to sql injection. Upgrading to version 3.2-20180305 is able to add... Read more

    Affected Products : dynacase_webdesk
    • EPSS Score: %0.04
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15033

    The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attacker... Read more

    Affected Products : delete_all_comments
    • EPSS Score: %5.04
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-15032

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER... Read more

    Affected Products : mh_httpbl
    • EPSS Score: %0.07
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15031

    A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myus... Read more

    Affected Products : php-login
    • EPSS Score: %0.04
    • Published: May. 06, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-15030

    A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This ... Read more

    Affected Products : twofactorauth
    • EPSS Score: %0.04
    • Published: Mar. 25, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-15029

    A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can b... Read more

    Affected Products : mapicoin
    • EPSS Score: %0.06
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-15028

    A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper... Read more

    Affected Products : rest_api
    • EPSS Score: %0.03
    • Published: Mar. 12, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-15027

    A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-dupl... Read more

    Affected Products : post_duplicator
    • EPSS Score: %0.16
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-15026

    A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1... Read more

    Affected Products : dd-plist
    • EPSS Score: %0.06
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-15025

    A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. ... Read more

    Affected Products : generator-hottowel
    • EPSS Score: %0.07
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-15024

    A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploit... Read more

    Affected Products : doomsider_shadow
    • EPSS Score: %0.02
    • Published: Feb. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-15023

    A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading... Read more

    Affected Products : application_server
    • EPSS Score: %0.09
    • Published: Jan. 31, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-15022

    A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cr... Read more

    Affected Products : cimage
    • EPSS Score: %0.05
    • Published: Jan. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15021

    A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The identifier of the patch is cbc79a68... Read more

    Affected Products : als_data_browser
    • EPSS Score: %0.04
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15020

    A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to addre... Read more

    Affected Products : liftkit_database_library
    • EPSS Score: %0.05
    • Published: Jan. 16, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-15019

    A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated rem... Read more

    Affected Products : jekbox
    • EPSS Score: %0.11
    • Published: Jan. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15018

    A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The identifier of the patch is c1e8486... Read more

    Affected Products : krail-jpa
    • EPSS Score: %0.05
    • Published: Jan. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15017

    A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrad... Read more

    Affected Products : media_upload
    • EPSS Score: %0.09
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15016

    A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to versi... Read more

    Affected Products : joomla_mod_einsatz_stats
    • EPSS Score: %0.05
    • Published: Jan. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-15015

    A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexit... Read more

    Affected Products : barzahlen_payment_module_php_sdk
    • EPSS Score: %0.10
    • Published: Jan. 08, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results