Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-4827

    Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.... Read more

    • EPSS Score: %0.44
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4826

    Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.... Read more

    • EPSS Score: %0.44
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.8

    MEDIUM
    CVE-2016-4825

    The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.... Read more

    • EPSS Score: %6.50
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-4824

    The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.... Read more

    • EPSS Score: %0.34
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4823

    Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.... Read more

    Affected Products : cg-wlbaragm_firmware cg-wlbargmh
    • EPSS Score: %0.68
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 8.0

    HIGH
    CVE-2016-4822

    Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %1.65
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-1193

    Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.36
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1190

    Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.17
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 8.1

    HIGH
    CVE-2016-1189

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.21
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-1188

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.21
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-4528

    Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.14
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 6.6

    MEDIUM
    CVE-2016-4525

    Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %0.14
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4519

    Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.... Read more

    Affected Products : visilogic_oplc_ide
    • EPSS Score: %6.41
    • Published: Jun. 25, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-5723

    Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.... Read more

    Affected Products : fusioninsight_hd
    • EPSS Score: %0.02
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-5722

    Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniff... Read more

    • EPSS Score: %0.21
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-5709

    SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.... Read more

    Affected Products : virtualization_manager
    • EPSS Score: %0.10
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-5435

    Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows r... Read more

    • EPSS Score: %0.15
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 4.9

    MEDIUM
    CVE-2016-5021

    The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x befor... Read more

    • EPSS Score: %0.16
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-4802

    Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll... Read more

    Affected Products : curl
    • EPSS Score: %0.45
    • Published: Jun. 24, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1439

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.... Read more

    • EPSS Score: %0.25
    • Published: Jun. 23, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291293 Results