Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-1000110

    The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.... Read more

    Affected Products : fedora debian_linux python
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-1000109

    HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect ... Read more

    Affected Products : hhvm
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-1000108

    yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers... Read more

    Affected Products : debian_linux yaws
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-1000107

    inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an appl... Read more

    Affected Products : erlang\/otp
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-1000104

    A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.... Read more

    Affected Products : leap opensuse mod_fcgid
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-1000037

    Pagure: XSS possible in file attachment endpoint... Read more

    Affected Products : enterprise_linux fedora pagure
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1000030

    Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploita... Read more

    Affected Products : linux_enterprise_server pidgin
    • Published: Sep. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2016-1000029

    Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).... Read more

    Affected Products : nessus
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2016-1000028

    Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).... Read more

    Affected Products : nessus
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1000027

    Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentic... Read more

    Affected Products : spring_framework
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1000006

    hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.... Read more

    Affected Products : hhvm
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1000005

    mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), ... Read more

    Affected Products : hhvm
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1000004

    Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.... Read more

    Affected Products : hhvm
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2016-1000002

    gdm3 3.14.2 and possibly later has an information leak before screen lock... Read more

    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-0898

    MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.... Read more

    Affected Products : pivotal_software_mysql
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-0796

    WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage t... Read more

    Affected Products : mb.miniaudioplayer
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-0750

    The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or... Read more

    Affected Products : infinispan
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-0715

    Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-201... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-0708

    Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have b... Read more

    Affected Products : cf-release java_buildpack
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-0373

    IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.... Read more

    Affected Products : urbancode_deploy
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293280 Results