Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2015-8973

    xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.... Read more

    Affected Products : mybb merge_system
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2016-9039

    An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never free... Read more

    Affected Products : smartos
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2016-6621

    The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.... Read more

    Affected Products : phpmyadmin
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-5117

    OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.... Read more

    Affected Products : openntpd
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2016-3176

    Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.... Read more

    Affected Products : salt
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-2050

    The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.... Read more

    Affected Products : libdwarf
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2016-10043

    An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands ... Read more

    Affected Products : web_panel
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-9249

    An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).... Read more

    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9132

    In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later... Read more

    Affected Products : botan
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9119

    Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ubuntu_linux debian_linux moinmoin
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7798

    The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.... Read more

    Affected Products : debian_linux openssl openssl
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6604

    NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.... Read more

    Affected Products : android exynos_fimg2d
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-6270

    The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to a... Read more

    Affected Products : virtual_mobile_infrastructure
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2016-6269

    Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6268

    Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6267

    SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGr... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6266

    ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey para... Read more

    Affected Products : smart_protection_server
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6167

    Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.... Read more

    Affected Products : putty
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-5434

    libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.... Read more

    Affected Products : pacman
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5026

    hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.... Read more

    Affected Products : onionshare
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293280 Results