Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-5674

    __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.... Read more

    • EPSS Score: %89.38
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-7119

    Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.... Read more

    Affected Products : dotnetnuke
    • EPSS Score: %0.23
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7118

    fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and syst... Read more

    Affected Products : debian_linux
    • EPSS Score: %0.05
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5336

    VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : vrealize_automation
    • EPSS Score: %1.93
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5335

    VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.... Read more

    • EPSS Score: %0.03
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5333

    VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.... Read more

    Affected Products : photon_os
    • EPSS Score: %1.59
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5332

    Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : vrealize_log_insight
    • EPSS Score: %0.41
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6195

    SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as ex... Read more

    Affected Products : vbulletin
    • EPSS Score: %85.21
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7115

    Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.... Read more

    Affected Products : mac-telnet
    • EPSS Score: %1.06
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5344

    Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other ... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.25
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5342

    Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other p... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.61
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0397

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.... Read more

    Affected Products : bigfix_platform bigfix_webreports
    • EPSS Score: %0.21
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0292

    WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.... Read more

    Affected Products : bigfix_platform bigfix
    • EPSS Score: %0.05
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5721

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : zimbra_collaboration_server
    • EPSS Score: %0.41
    • Published: Aug. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-5399

    Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.... Read more

    Affected Products : phpvibe
    • EPSS Score: %0.13
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5683

    ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.... Read more

    Affected Products : readydesk
    • EPSS Score: %0.08
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-5664

    Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.... Read more

    Affected Products : kiteworks kiteworks_appliance
    • EPSS Score: %0.48
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5663

    Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.... Read more

    Affected Products : kiteworks kiteworks_appliance
    • EPSS Score: %0.30
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5662

    Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.... Read more

    Affected Products : kiteworks kiteworks_appliance
    • EPSS Score: %0.03
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5050

    Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.... Read more

    Affected Products : readydesk
    • EPSS Score: %3.43
    • Published: Aug. 26, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291634 Results