Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-7858

    Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • EPSS Score: %8.08
    • Published: Nov. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-7857

    Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • EPSS Score: %8.08
    • Published: Nov. 08, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-7851

    Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.... Read more

    Affected Products : connect
    • EPSS Score: %6.51
    • Published: Nov. 08, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-9242

    Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype para... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.43
    • Published: Nov. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-9111

    Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could no... Read more

    Affected Products : receiver_desktop
    • EPSS Score: %3.49
    • Published: Nov. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8910

    The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.... Read more

    • EPSS Score: %0.10
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8909

    The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.... Read more

    • EPSS Score: %0.04
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-8870

    The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow U... Read more

    Affected Products : joomla\!
    • EPSS Score: %91.97
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-8869

    The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.... Read more

    Affected Products : joomla\!
    • EPSS Score: %93.44
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8669

    The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than ba... Read more

    • EPSS Score: %0.07
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8668

    The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.... Read more

    Affected Products : leap qemu
    • EPSS Score: %0.16
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8667

    The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.... Read more

    Affected Products : debian_linux leap qemu
    • EPSS Score: %0.08
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8578

    The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operat... Read more

    Affected Products : debian_linux leap qemu
    • EPSS Score: %0.12
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8577

    Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.... Read more

    Affected Products : debian_linux leap qemu
    • EPSS Score: %0.12
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-8576

    The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Bloc... Read more

    • EPSS Score: %0.11
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-9190

    Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.... Read more

    Affected Products : debian_linux pillow
    • EPSS Score: %0.57
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-9189

    Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.... Read more

    Affected Products : debian_linux pillow
    • EPSS Score: %0.36
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-9188

    Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.... Read more

    Affected Products : moodle
    • EPSS Score: %0.31
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-9187

    Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecifie... Read more

    Affected Products : moodle
    • EPSS Score: %3.28
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-9186

    Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecif... Read more

    Affected Products : moodle
    • EPSS Score: %3.28
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291804 Results