Latest CVE Feed
- 5.3 MEDIUM CVE-2016-9499
  Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them....
  Affected Products: ftp_server
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2016-9498
  ManageEngine Applications Manager 12 and 13 before build 13200 allows unserialization of unsafe Java objects. The vulnerability can be exploited by a remote user without authentication and allows remote code execution, compromising the application as we...
  Affected Products: manageengine_applications_manager
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2016-9497
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unau...
  Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2016-9496
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lack authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot....
  Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2016-9495
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, use hard-coded credentials. Access to the device's default telnet port (23) can be obtained by using one of a few default credentials shared among all devices....
  Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2016-9494
  Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to proper...
  Affected Products: hn7740s_firmware dw7000_firmware hn7000s_firmware hn7000sm_firmware hn7740s dw7000 hn7000s hn7000sm
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2016-9493
  The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not in...
  Affected Products: php_formmail_generator
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-9492
  The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This ...
  Affected Products: php_formmail_generator
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 6.8 MEDIUM CVE-2016-9491
  ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user who is able to access the /register.do page (most likely limited to administrator) to browse the filesystem and read the system files, including Applications Manager...
  Affected Products: manageengine_applications_manager
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2016-9490
  ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?R...
  Published: Jun. 05, 2018
  Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2016-9489
  In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including their own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change...
  Affected Products: manageengine_applications_manager
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-9488
  ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker...
  Published: Jun. 05, 2018
  Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2016-9487
  EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victi...
  Affected Products: epubcheck
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2016-9486
  On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the l...
  Affected Products: secureconnector
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2016-9485
  On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the l...
  Affected Products: secureconnector
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2016-9484
  The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version ...
  Affected Products: php_formmail_generator
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-9483
  The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to...
  Affected Products: php_formmail_generator
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-9482
  Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...
  Affected Products: php_formmail_generator
  Published: Jul. 13, 2018
  Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2016-9335
  A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Manag...
  Published: May. 09, 2018
  Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2016-9271
  Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature....
  Affected Products: cloudera_manager
  Published: Nov. 26, 2019
  Modified: Nov. 21, 2024