Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2016-7168

    Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image ... Read more

    Affected Products : wordpress
    • EPSS Score: %0.51
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-10012

    The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxe... Read more

    Affected Products : openssh
    • EPSS Score: %0.05
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-10011

    authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.... Read more

    Affected Products : openssh
    • EPSS Score: %0.03
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-10010

    sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.... Read more

    Affected Products : openssh
    • EPSS Score: %0.12
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-10009

    Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.... Read more

    Affected Products : openssh
    • EPSS Score: %3.34
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-7903

    Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.... Read more

    Affected Products : dotclear
    • EPSS Score: %0.28
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-7902

    Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted ext... Read more

    Affected Products : dotclear
    • EPSS Score: %2.52
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7399

    scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLi... Read more

    • EPSS Score: %13.39
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-6894

    Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.... Read more

    • EPSS Score: %0.37
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9936

    The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists bec... Read more

    Affected Products : php
    • EPSS Score: %0.84
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9935

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean... Read more

    Affected Products : php
    • EPSS Score: %2.32
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9934

    ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.... Read more

    Affected Products : php
    • EPSS Score: %6.47
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-9933

    Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violati... Read more

    Affected Products : php libgd
    • EPSS Score: %5.33
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9138

    PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exc... Read more

    Affected Products : php
    • EPSS Score: %2.02
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9137

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that ... Read more

    Affected Products : php
    • EPSS Score: %0.89
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-8860

    Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attack... Read more

    Affected Products : tor
    • EPSS Score: %2.68
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-8670

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflo... Read more

    Affected Products : php libgd
    • EPSS Score: %1.70
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-6595

    The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "rem... Read more

    Affected Products : docker
    • EPSS Score: %0.79
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-9912

    The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a den... Read more

    Affected Products : php
    • EPSS Score: %1.32
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-9911

    Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact... Read more

    • EPSS Score: %1.89
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
Showing 20 of 292511 Results