2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-20052 | CRITICAL | 9.3 | 1.0% | Apr 4, 2026 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitra... |
| CVE-2016-20049 | CRITICAL | 9.3 | 0.7% | Mar 28, 2026 | JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitr... |
| CVE-2016-20030 | CRITICAL | 9.3 | 0.6% | Mar 16, 2026 | ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover val... |
| CVE-2016-20026 | CRITICAL | 9.3 | 0.8% | Mar 16, 2026 | ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated a... |
| CVE-2016-20024 | CRITICAL | 9.3 | 0.7% | Mar 16, 2026 | ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate... |
| CVE-2016-15057 | CRITICAL | 9.9 | 3.7% | Jan 26, 2026 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vuln... |
| CVE-2016-15048 | CRITICAL | 10 | 7.2% | Oct 22, 2025 | AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manage... |
| CVE-2016-15044 | CRITICAL | 9.3 | 1.4% | Jul 23, 2025 | A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user... |
| CVE-2016-15043 | CRITICAL | 9.8 | 10.0% | Jul 19, 2025 | The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation ... |
| CVE-2016-15042 | CRITICAL | 9.8 | 5.5% | Oct 16, 2024 | The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulne... |
| CVE-2016-15040 | CRITICAL | 9.8 | 0.5% | Oct 16, 2024 | The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in ver... |
| CVE-2016-20021 | CRITICAL | 9.8 | 0.5% | Jan 12, 2024 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downlo... |
| CVE-2016-15034 | CRITICAL | 9.8 | 0.5% | Jul 10, 2023 | A vulnerability was found in Dynacase Webdesk and classified as critical. Affected by this issue is the function freedom... |
| CVE-2016-15033 | CRITICAL | 9.8 | 2.3% | Jun 7, 2023 | The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation... |
| CVE-2016-15031 | CRITICAL | 9.8 | 0.8% | May 6, 2023 | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function ch... |
| CVE-2016-15021 | CRITICAL | 9.8 | 0.7% | Jan 17, 2023 | A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. ... |
| CVE-2016-15020 | CRITICAL | 9.8 | 0.7% | Jan 16, 2023 | A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the functio... |
| CVE-2016-15018 | CRITICAL | 9.8 | 0.8% | Jan 15, 2023 | A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. Th... |
| CVE-2016-15017 | CRITICAL | 9.8 | 0.9% | Jan 10, 2023 | A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects t... |
| CVE-2016-15016 | CRITICAL | 9.8 | 0.7% | Jan 8, 2023 | A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affec... |
| CVE-2016-15013 | CRITICAL | 9.8 | 0.7% | Jan 7, 2023 | A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the funct... |
| CVE-2016-15012 | CRITICAL | 9.8 | 0.7% | Jan 7, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has b... |
| CVE-2016-15011 | CRITICAL | 9.8 | 0.7% | Jan 6, 2023 | A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is th... |
| CVE-2016-15007 | CRITICAL | 9.8 | 0.8% | Jan 2, 2023 | A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this... |
| CVE-2016-20017 | CRITICAL | 9.8 | 60.4% | Oct 19, 2022 | D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as ... |
Check if your code is affected by 2016 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now