Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-5492

    Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, relat... Read more

    Affected Products : wordpress
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-5491

    wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.... Read more

    Affected Products : wordpress
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5490

    Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related t... Read more

    Affected Products : wordpress
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5489

    Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.... Read more

    Affected Products : wordpress
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5488

    Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.... Read more

    Affected Products : wordpress
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-5487

    wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json... Read more

    Affected Products : wordpress
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-2584

    arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave... Read more

    Affected Products : linux_kernel
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8207

    A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.... Read more

    Affected Products : network_advisor
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8206

    A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.... Read more

    Affected Products : network_advisor
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8205

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be execu... Read more

    Affected Products : network_advisor
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8204

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.... Read more

    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-8201

    A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.... Read more

    Affected Products : virtual_traffic_manager
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5476

    Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.... Read more

    Affected Products : serendipity
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5475

    comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.... Read more

    Affected Products : serendipity
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5474

    Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.... Read more

    Affected Products : serendipity
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5473

    Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_re... Read more

    Affected Products : ntopng
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2016-10142

    An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at ... Read more

    Affected Products : ipv6
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2010-5327

    Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.... Read more

    Affected Products : liferay_portal
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0398

    An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Produc... Read more

    Affected Products : android
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9813

    The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.... Read more

    Affected Products : gstreamer
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results