Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-10722

    partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the c... Read more

    Affected Products : partclone
    • EPSS Score: %0.58
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10721

    partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected ap... Read more

    Affected Products : partclone
    • EPSS Score: %1.00
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10719

    TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.... Read more

    Affected Products : archer_cr700_firmware archer_cr700
    • EPSS Score: %0.21
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10718

    Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.... Read more

    Affected Products : brave_browser
    • EPSS Score: %17.95
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-10717

    A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) ... Read more

    Affected Products : malwarebytes_anti-malware
    • EPSS Score: %0.21
    • Published: Mar. 21, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10716

    The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.... Read more

    Affected Products : calendar
    • EPSS Score: %0.28
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10715

    The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.... Read more

    Affected Products : kanban_board
    • EPSS Score: %0.18
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10714

    In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.... Read more

    Affected Products : ubuntu_linux zsh
    • EPSS Score: %0.23
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-10713

    An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.... Read more

    Affected Products : patch
    • EPSS Score: %0.37
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10712

    In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))[... Read more

    Affected Products : ubuntu_linux php
    • EPSS Score: %0.31
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10711

    Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.... Read more

    Affected Products : debian_linux pound
    • EPSS Score: %0.80
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-10710

    Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.... Read more

    Affected Products : secure_file_transfer
    • EPSS Score: %0.22
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-10709

    pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.... Read more

    Affected Products : pfsense
    • EPSS Score: %77.89
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10708

    sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.... Read more

    • EPSS Score: %1.19
    • Published: Jan. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10707

    jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.... Read more

    Affected Products : jquery
    • EPSS Score: %0.86
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10706

    The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.... Read more

    Affected Products : jetpack
    • EPSS Score: %0.21
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10705

    The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.... Read more

    Affected Products : jetpack
    • EPSS Score: %0.21
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10698

    mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the reque... Read more

    Affected Products : mystem-fix
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10697

    react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (R... Read more

    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10696

    windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o... Read more

    Affected Products : windows-latestchromedriver
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292517 Results