Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-11023

    odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.

    Affected Products : odata4j
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2016-11022

    NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.

    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-11020

    Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.

    Affected Products : kunena
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-11018

    An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_...

    Affected Products : image_gallery
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-11017

    The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection outpu...

    Affected Products : network_monitor
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-11016

    NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.

    Affected Products : jnr1010_firmware jnr1010
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-11015

    NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

    Affected Products : jnr1010_firmware jnr1010
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-11014

    NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

    Affected Products : jnr1010_firmware jnr1010
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-11013

    The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.

    Affected Products : impress_listings
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-11012

    The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.

    Affected Products : sola_support_tickets
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-11011

    The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

    Affected Products : wp-invoice
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-11010

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

    Affected Products : wp-invoice
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-11009

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

    Affected Products : wp-invoice
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-11008

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

    Affected Products : wp-invoice
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-11007

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

    Affected Products : wp-invoice
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2016-11006

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

    Affected Products : wp-invoice
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-11005

    The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.

    Affected Products : instalinker
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-11004

    The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.

    Affected Products : monarch
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-11003

    The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

    Affected Products : monarch
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-11002

    The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

    Affected Products : extra
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results