2016 CVE Vulnerabilities
10,645 CVEs published in 2016.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-10959 | MEDIUM | 6.5 | 1.1% | Sep 16, 2019 | The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_med... |
| CVE-2016-10957 | MEDIUM | 6.1 | 1.0% | Sep 16, 2019 | The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc paramet... |
| CVE-2016-10953 | MEDIUM | 5.4 | 0.8% | Sep 13, 2019 | The Headway theme before 3.8.9 for WordPress has XSS via the license key field. |
| CVE-2016-10952 | MEDIUM | 6.1 | 1.4% | Sep 13, 2019 | The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page p... |
| CVE-2016-10941 | MEDIUM | 6.1 | 1.2% | Sep 13, 2019 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. |
| CVE-2016-10938 | MEDIUM | 6.5 | 0.9% | Sep 13, 2019 | The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. |
| CVE-2016-10893 | MEDIUM | 6.1 | 1.3% | Aug 20, 2019 | The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests. |
| CVE-2016-10894 | MEDIUM | 4.6 | 0.4% | Aug 16, 2019 | xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (a... |
| CVE-2016-10867 | MEDIUM | 6.1 | 0.9% | Aug 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. |
| CVE-2016-10872 | MEDIUM | 6.1 | 1.0% | Aug 12, 2019 | The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. |
| CVE-2016-10878 | MEDIUM | 6.1 | 1.0% | Aug 12, 2019 | The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. |
| CVE-2016-10875 | MEDIUM | 6.1 | 0.9% | Aug 12, 2019 | The wp-database-backup plugin before 4.3.1 for WordPress has XSS. |
| CVE-2016-10873 | MEDIUM | 6.1 | 0.9% | Aug 12, 2019 | The wp-database-backup plugin before 4.3.3 for WordPress has XSS. |
| CVE-2016-10765 | MEDIUM | 5.3 | 0.8% | Jul 29, 2019 | edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. |
| CVE-2016-2125 | MEDIUM | 6.5 | 9.3% | Oct 31, 2018 | It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos au... |
| CVE-2016-9040 | MEDIUM | 5.5 | 0.5% | Sep 7, 2018 | An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerab... |
| CVE-2016-9598 | MEDIUM | 6.5 | 1.0% | Aug 16, 2018 | libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of... |
| CVE-2016-9596 | MEDIUM | 6.5 | 0.9% | Aug 16, 2018 | libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a... |
| CVE-2016-8647 | MEDIUM | 4.9 | 1.4% | Jul 26, 2018 | An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly c... |
| CVE-2016-9042 | MEDIUM | 5.9 | 4.0% | Jun 4, 2018 | An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A spe... |
| CVE-2016-10597 | MEDIUM | 5.9 | 0.5% | Jun 1, 2018 | cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. |
| CVE-2016-10704 | MEDIUM | 6.1 | 0.6% | Dec 30, 2017 | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that... |
| CVE-2016-1252 | MEDIUM | 5.9 | 7.2% | Dec 5, 2017 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1... |
| CVE-2016-6794 | MEDIUM | 5.3 | 7.2% | Aug 10, 2017 | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the ... |
| CVE-2016-0762 | MEDIUM | 5.9 | 7.7% | Aug 10, 2017 | The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to ... |