Latest CVE Feed
- 5.5 MEDIUM CVE-2016-9189
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component....
- EPSS Score: 0.36%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 6.1 MEDIUM CVE-2016-9188
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters....
- Affected Products: moodle
- EPSS Score: 0.31%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-9187
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecifie...
- Affected Products: moodle
- EPSS Score: 3.28%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 8.8 HIGH CVE-2016-9186
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecif...
- Affected Products: moodle
- EPSS Score: 3.28%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2016-9185
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0....
- Affected Products: heat
- EPSS Score: 0.53%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-9184
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do no...
- Affected Products: exponent_cms
- EPSS Score: 0.53%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-9183
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this...
- Affected Products: exponent_cms
- EPSS Score: 0.48%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by defau...
- Affected Products: exponent_cms
- EPSS Score: 0.18%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-9177
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI....
- Affected Products: spark
- EPSS Score: 1.57%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 9.8 CRITICAL CVE-2016-9176
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code....
- Affected Products: rumba
- EPSS Score: 0.97%
- Published: Nov. 04, 2016
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2016-6455
A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial o...
- EPSS Score: 0.78%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2016-6454
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Aff...
- Affected Products: hosted_collaboration_mediation_fulfillment
- EPSS Score: 0.16%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 7.3 HIGH CVE-2016-6453
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876)....
- Affected Products: identity_services_engine
- EPSS Score: 0.34%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2016-6452
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 an...
- Affected Products: prime_home
- EPSS Score: 3.92%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 6.1 MEDIUM CVE-2016-6451
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. M...
- Affected Products: prime_collaboration_provisioning
- EPSS Score: 0.49%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 9.8 CRITICAL CVE-2016-6448
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Serv...
- Affected Products: meeting_server
- EPSS Score: 7.59%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 9.8 CRITICAL CVE-2016-6447
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano...
- EPSS Score: 7.59%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2016-6441
A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Serie...
- EPSS Score: 3.45%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 7.8 HIGH CVE-2016-6430
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known ...
- Affected Products: ip_interoperability_and_collaboration_system
- EPSS Score: 0.06%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025
- 6.1 MEDIUM CVE-2016-6429
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releas...
- Affected Products: ip_interoperability_and_collaboration_system
- EPSS Score: 0.27%
- Published: Nov. 03, 2016
- Modified: Apr. 12, 2025