Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-0346

    Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML vi... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.24
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-0221

    Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arb... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.24
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4512

    Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.... Read more

    Affected Products : elcsoft
    • EPSS Score: %6.41
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.0

    MEDIUM
    CVE-2016-4509

    Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.... Read more

    Affected Products : elcsoft
    • EPSS Score: %2.55
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.5

    HIGH
    CVE-2016-3989

    The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remo... Read more

    • EPSS Score: %5.28
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3988

    Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices ... Read more

    • EPSS Score: %0.47
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3962

    Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmw... Read more

    • EPSS Score: %11.11
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1228

    Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier ... Read more

    • EPSS Score: %0.10
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-1227

    NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitra... Read more

    • EPSS Score: %1.06
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2015-5664

    Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : qts
    • EPSS Score: %0.31
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5739

    The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CS... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %0.90
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5734

    phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted s... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %72.92
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5733

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mi... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %1.62
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5732

    Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web scr... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.26
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5731

    Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error messag... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %0.41
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-5730

    phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data t... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %0.95
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5706

    js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %2.02
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5705

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user pr... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %0.58
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5704

    Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.30
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5703

    SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.... Read more

    Affected Products : leap phpmyadmin opensuse
    • EPSS Score: %1.54
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291219 Results