Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-9036

    An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 pac... Read more

    Affected Products : msgpuck
    • EPSS Score: %1.04
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-8707

    An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code executi... Read more

    Affected Products : debian_linux imagemagick
    • EPSS Score: %1.95
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7968

    KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.... Read more

    Affected Products : kmail
    • EPSS Score: %0.24
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-7967

    KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.... Read more

    Affected Products : kmail
    • EPSS Score: %0.33
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-7966

    Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly ... Read more

    • EPSS Score: %0.18
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2016-7787

    A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.... Read more

    Affected Products : leap opensuse kde-cli-tools
    • EPSS Score: %0.54
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-2312

    Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6910

    The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or ... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9889

    Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.42
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-9561

    The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.24
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9154

    Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automatio... Read more

    • EPSS Score: %0.87
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-8595

    The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.24
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7905

    The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.54
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7785

    The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.28
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7562

    The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.63
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7555

    The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.33
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7502

    The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.31
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-7450

    The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.22
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7122

    The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.19
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-6881

    The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.44
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292508 Results