Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-10726

    The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passw... Read more

    Affected Products : dspace
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10725

    In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated ... Read more

    Affected Products : bitcoin_core bitcoin-qt bitcoind
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-10724

    Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because... Read more

    Affected Products : bitcoin_core bitcoin-qt bitcoind
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-10723

    An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10722

    partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the c... Read more

    Affected Products : partclone
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10721

    partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected ap... Read more

    Affected Products : partclone
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10719

    TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.... Read more

    Affected Products : archer_cr700_firmware archer_cr700
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10718

    Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.... Read more

    Affected Products : brave_browser
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-10717

    A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) ... Read more

    Affected Products : malwarebytes_anti-malware
    • Published: Mar. 21, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10716

    The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.... Read more

    Affected Products : calendar
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10715

    The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.... Read more

    Affected Products : kanban_board
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10714

    In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.... Read more

    Affected Products : ubuntu_linux zsh
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-10713

    An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.... Read more

    Affected Products : patch
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10712

    In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))[... Read more

    Affected Products : ubuntu_linux php
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10711

    Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.... Read more

    Affected Products : debian_linux pound
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-10710

    Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.... Read more

    Affected Products : secure_file_transfer
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2016-10709

    pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.... Read more

    Affected Products : pfsense
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10708

    sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.... Read more

    • Published: Jan. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10707

    jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.... Read more

    Affected Products : jquery
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10706

    The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.... Read more

    Affected Products : jetpack
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292837 Results