Total
4156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2942 | 1 Ibm | 1 Urbancode Deploy | 2026-05-13 | 6.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | |||||
| CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||||
| CVE-2016-8325 | 1 Oracle | 1 One-to-one Fulfillment | 2026-05-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). | |||||
| CVE-2016-3112 | 1 Pulpproject | 1 Pulp | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user. | |||||
| CVE-2016-8311 | 1 Oracle | 1 Flexcube Universal Banking | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts). | |||||
| CVE-2016-8282 | 1 Oracle | 1 Flexcube Private Banking | 2026-05-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | |||||
| CVE-2016-10369 | 1 Lxterminal Project | 1 Lxterminal | 2026-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | |||||
| CVE-2016-5217 | 1 Google | 1 Chrome | 2026-05-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2015-3653 | 1 Arubanetworks | 1 Clearpass | 2026-05-13 | 9.0 HIGH | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | |||||
| CVE-2016-8010 | 1 Mcafee | 2 Application Control, Endpoint Security | 2026-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. | |||||
| CVE-2015-9047 | 1 Google | 1 Android | 2026-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | |||||
| CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||||
| CVE-2016-5206 | 1 Google | 1 Chrome | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | |||||
| CVE-2016-8643 | 1 Moodle | 1 Moodle | 2026-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | |||||
| CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||||
| CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2026-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | |||||
| CVE-2015-9245 | 1 Progress | 1 Openedge | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | |||||
| CVE-2016-5058 | 1 Osram | 1 Lightify Pro | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | |||||
| CVE-2016-7408 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2026-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | |||||
| CVE-2016-8792 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, Mate S and 3 more | 2026-05-13 | 6.2 MEDIUM | 7.1 HIGH |
| Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | |||||