Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-9137

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that ...

    Affected Products : php
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-8860

    Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attack...

    Affected Products : tor
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-8670

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflo...

    Affected Products : php libgd
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-6595

    The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "rem...

    Affected Products : docker
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2014-9912

    The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a den...

    Affected Products : php
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2014-9911

    Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact...

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-10116

    NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized ...

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10115

    NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attack...

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-10114

    SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 4.8

    MEDIUM
    CVE-2016-10112

    Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.

    Affected Products : woocommerce
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 5.9

    MEDIUM
    CVE-2016-5024

    Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network...

    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10108

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

    Affected Products : mycloud_nas
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10107

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

    Affected Products : mycloud_nas
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2016-10106

    Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, a...

    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-10105

    admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.

    Affected Products : piwigo
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2017-5005

    Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsi...

    • Published: Jan. 02, 2017
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-10100

    Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.

    Affected Products : borg
    • Published: Jan. 02, 2017
    • Modified: Apr. 12, 2025
  • 5.3

    MEDIUM
    CVE-2016-10099

    Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.

    Affected Products : borg
    • Published: Jan. 02, 2017
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10097

    XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.

    Affected Products : openam
    • Published: Jan. 02, 2017
    • Modified: Apr. 12, 2025
  • 7.5

    HIGH
    CVE-2016-10096

    SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.

    Affected Products : genixcms genixcms
    • Published: Jan. 01, 2017
    • Modified: Apr. 12, 2025