Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-10199

    The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.... Read more

    Affected Products : gstreamer
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10198

    The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.... Read more

    Affected Products : gstreamer
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10192

    Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10191

    Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10190

    Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8936

    Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.... Read more

    Affected Products : squidguard
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-8832

    Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code... Read more

    Affected Products : dotclear
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8831

    Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.... Read more

    Affected Products : dotclear
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-6024

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.... Read more

    Affected Products : hspa_3g10wve_firmware hspa_3g10wve
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-6023

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execut... Read more

    Affected Products : hspa_3g10wve_firmware hspa_3g10wve
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-9686

    The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.... Read more

    Affected Products : puppet_enterprise
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9005

    IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8954

    IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.... Read more

    Affected Products : dashdb_local
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2016-5934

    IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to ru... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-5918

    IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5902

    IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-5900

    IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-0310

    IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.... Read more

    Affected Products : connections
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-0308

    IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.... Read more

    Affected Products : connections
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-0307

    IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.... Read more

    Affected Products : connections
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293350 Results