Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (323535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10776 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
CVE-2016-10775 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
CVE-2016-10774 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
CVE-2016-10773 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
CVE-2016-10772 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
CVE-2016-10771 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
CVE-2016-10770 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
CVE-2016-10769 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
CVE-2016-10768 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).
CVE-2016-10767 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
CVE-2016-10766 1 Edx 1 Edx-platform 2024-11-21 8.8 High
edx-platform before 2016-06-06 allows CSRF.
CVE-2016-10765 1 Edx 1 Edx-platform 2024-11-21 5.3 Medium
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
CVE-2016-10764 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.
CVE-2016-10763 1 Automattic 1 Camptix Event Ticketing 2024-11-21 N/A
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
CVE-2016-10762 1 Automattic 1 Camptix Event Ticketing 2024-11-21 N/A
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
CVE-2016-10761 1 Logitech 10 K360, K360 Firmware, K400r and 7 more 2024-11-21 N/A
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.
CVE-2016-10760 1 Seowonintech 8 Swr-300a, Swr-300a Firmware, Swr-300b and 5 more 2024-11-21 N/A
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
CVE-2016-10759 1 Precurio 1 Precurio 2024-11-21 N/A
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.
CVE-2016-10758 1 Phpkit 1 Phpkit 2024-11-21 N/A
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
CVE-2016-10757 1 Readaxo 1 Readaxo 2024-11-21 N/A
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.