Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-10716

    The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.... Read more

    Affected Products : calendar
    • EPSS Score: %0.28
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10715

    The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.... Read more

    Affected Products : kanban_board
    • EPSS Score: %0.18
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10714

    In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.... Read more

    Affected Products : ubuntu_linux zsh
    • EPSS Score: %0.23
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-10713

    An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.... Read more

    Affected Products : patch
    • EPSS Score: %0.37
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10712

    In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))[... Read more

    Affected Products : ubuntu_linux php
    • EPSS Score: %0.31
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10711

    Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.... Read more

    Affected Products : debian_linux pound
    • EPSS Score: %0.80
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-10710

    Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.... Read more

    Affected Products : secure_file_transfer
    • EPSS Score: %0.22
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-10709

    pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.... Read more

    Affected Products : pfsense
    • EPSS Score: %77.89
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10708

    sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.... Read more

    • EPSS Score: %1.19
    • Published: Jan. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10707

    jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.... Read more

    Affected Products : jquery
    • EPSS Score: %0.86
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10706

    The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.... Read more

    Affected Products : jetpack
    • EPSS Score: %0.21
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10705

    The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.... Read more

    Affected Products : jetpack
    • EPSS Score: %0.21
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10698

    mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the reque... Read more

    Affected Products : mystem-fix
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10697

    react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (R... Read more

    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10696

    windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o... Read more

    Affected Products : windows-latestchromedriver
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10695

    The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swa... Read more

    Affected Products : npm-test-sqlite3-trunk
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10694

    alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code executio... Read more

    Affected Products : alto-saxophone
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10693

    pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources wit... Read more

    Affected Products : pm2-kafka
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10692

    haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker contr... Read more

    Affected Products : haxeshim
    • EPSS Score: %1.64
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10691

    windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requeste... Read more

    Affected Products : windows-seleniumjar
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292512 Results