Total
4146 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9368 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | |||||
| CVE-2016-4030 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2026-05-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. | |||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2026-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | |||||
| CVE-2016-10223 | 1 Bigtreecms | 1 Bigtree Cms | 2026-05-13 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10334 | 1 Google | 1 Android | 2026-05-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||||
| CVE-2016-8273 | 1 Huawei | 1 Hisuite | 2026-05-13 | 6.9 MEDIUM | 7.8 HIGH |
| Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | |||||
| CVE-2014-8168 | 1 Redhat | 1 Satellite | 2026-05-13 | 4.6 MEDIUM | 6.1 MEDIUM |
| Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | |||||
| CVE-2016-7824 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2026-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | |||||
| CVE-2016-9815 | 1 Xen | 1 Xen | 2026-05-13 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||||
| CVE-2015-5293 | 1 Redhat | 1 Enterprise Virtualization Manager | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | |||||
| CVE-2015-1854 | 2 Debian, Fedoraproject | 3 Debian Linux, 389 Directory Server, Fedora | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | |||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2026-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | |||||
| CVE-2016-9817 | 1 Xen | 1 Xen | 2026-05-13 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | |||||
| CVE-2016-6085 | 1 Ibm | 1 Bigfix Platform | 2026-05-13 | 3.3 LOW | 6.5 MEDIUM |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | |||||
| CVE-2014-3929 | 1 Lg Project | 1 Lg | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. | |||||
| CVE-2016-6095 | 1 Ibm | 1 Security Key Lifecycle Manager | 2026-05-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2016-8942 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2026-05-13 | 3.5 LOW | 3.1 LOW |
| IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | |||||
| CVE-2016-5239 | 1 Imagemagick | 1 Imagemagick | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-05-13 | 6.0 MEDIUM | 7.3 HIGH |
| dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | |||||
| CVE-2016-10382 | 1 Google | 1 Android | 2026-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. | |||||