2016 CVEs

10645 CVEs published in 2016. 1371 critical, 4071 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2016
CVESeverityScorePublishedSummary
CVE-2016-20010Critical10.02021-05-05EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PH…
CVE-2016-10927Critical10.02019-08-22The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
CVE-2016-10926Critical10.02019-08-22The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
CVE-2016-9335Critical10.02018-05-09A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride…
CVE-2016-0898Critical10.02018-03-29MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component l…
CVE-2016-8027Critical10.02017-03-14SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to al…
CVE-2016-9343Critical10.02017-02-13An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to F…
CVE-2016-8363Critical10.02017-02-13An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2…
CVE-2016-8352Critical10.02017-02-13An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFE…
CVE-2016-8938Critical10.02017-02-01IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be execute…
CVE-2016-6082Critical10.02017-02-01IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit…
CVE-2016-10043Critical10.02017-01-31An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command…
CVE-2016-7457Critical10.02016-12-29VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecif…
CVE-2016-5788Critical10.02016-11-25General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote a…
CVE-2016-4787Critical10.02016-05-26Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authe…
CVE-2016-1044Critical10.02016-05-11Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016…
CVE-2016-1041Critical10.02016-05-11Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016…
CVE-2016-1038Critical10.02016-05-11Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016…
CVE-2016-1343Critical10.02016-04-30The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption)…
CVE-2016-1505Critical10.02016-02-03The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrate…