Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-9490

    ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?R... Read more

    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9489

    In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change... Read more

    Affected Products : manageengine_applications_manager
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9488

    ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker... Read more

    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9487

    EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victi... Read more

    Affected Products : epubcheck
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9486

    On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the l... Read more

    Affected Products : secureconnector
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9485

    On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the l... Read more

    Affected Products : secureconnector
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9484

    The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version ... Read more

    Affected Products : php_formmail_generator
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9483

    The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to... Read more

    Affected Products : php_formmail_generator
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9482

    Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel... Read more

    Affected Products : php_formmail_generator
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-9335

    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Manag... Read more

    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-9271

    Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.... Read more

    Affected Products : cloudera_manager
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9166

    NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.... Read more

    Affected Products : netiq_edirectory edirectory
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-9094

    Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU... Read more

    Affected Products : endpoint_protection
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2016-9093

    A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an ... Read more

    Affected Products : endpoint_protection
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9080

    Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9078

    Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting ... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2016-9077

    Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerabil... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-9076

    An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9075

    An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-9074

    An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292801 Results