Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities catalog, the KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2016-10745 (CVSS 8.6, HIGH)
    In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
    Affected products: jinja
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10744 (CVSS 6.1, MEDIUM)
    In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
    Affected products: select2
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10743 (CVSS 7.5, HIGH)
    hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
    Affected products: hostapd
    • Published: Mar. 23, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10742 (CVSS 6.1, MEDIUM)
    Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
    Affected products: debian_linux, zabbix
    • Published: Feb. 17, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10741 (CVSS 4.7, MEDIUM)
    In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/...
    Affected products: linux_kernel, debian_linux
    • Published: Feb. 01, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10740 (CVSS 4.9, MEDIUM)
    Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.
    Affected products: crowd
    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10739 (CVSS 5.3, MEDIUM)
    In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it ...
    Affected products: leap, glibc
    • Published: Jan. 21, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10738 (CVSS 8.8, HIGH)
    Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
    Affected products: zenbership
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10737 (CVSS 5.4, MEDIUM)
    Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
    Affected products: serendipity
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10736 (CVSS 6.1, MEDIUM)
    The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.
    Affected products: social_pug
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10735 (CVSS 6.1, MEDIUM)
    In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
    Affected products: bootstrap
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024
  • CVE-2016-10734 (CVSS 9.8, CRITICAL)
    ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
    Affected products: projectsend
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10733 (CVSS 9.8, CRITICAL)
    ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
    Affected products: projectsend
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10732 (CVSS 9.8, CRITICAL)
    ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
    Affected products: projectsend
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10731 (CVSS 9.8, CRITICAL)
    ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request paramete...
    Affected products: projectsend
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10730 (CVSS 7.8, HIGH)
    An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs bin...
    Affected products: enterprise_linux, amanda
    • Published: Oct. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10729 (CVSS 7.8, HIGH)
    An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands a...
    Affected products: enterprise_linux, debian_linux, amanda
    • Published: Oct. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10728 (CVSS 5.3, MEDIUM)
    An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule gr...
    Affected products: suricata
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10727 (CVSS 9.8, CRITICAL)
    camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it eas...
    Affected products: ubuntu_linux, evolution
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024
  • CVE-2016-10726 (CVSS 7.5, HIGH)
    The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passw...
    Affected products: dspace
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292836 Results