Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-16739

    An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.... Read more

    • EPSS Score: %1.02
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16737

    An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.... Read more

    • EPSS Score: %0.16
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16736

    An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.39
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16732

    A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.28
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16728

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.65
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2017-16726

    Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negat... Read more

    Affected Products : twincat
    • EPSS Score: %0.08
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16724

    A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.40
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-16720

    A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.... Read more

    Affected Products : webaccess
    • EPSS Score: %27.21
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-16718

    Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authenticati... Read more

    Affected Products : twincat
    • EPSS Score: %0.06
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16716

    A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.... Read more

    Affected Products : webaccess
    • EPSS Score: %4.15
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16714

    In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.... Read more

    • EPSS Score: %2.45
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2017-16710

    Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.17
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-16709

    Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %82.42
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16670

    The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.... Read more

    Affected Products : soapui
    • EPSS Score: %0.41
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-16666

    Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.... Read more

    Affected Products : xplico
    • EPSS Score: %80.76
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16654

    An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes us... Read more

    Affected Products : debian_linux symfony
    • EPSS Score: %0.57
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-16653

    An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to ... Read more

    Affected Products : debian_linux symfony
    • EPSS Score: %0.34
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-16652

    An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and gener... Read more

    Affected Products : debian_linux symfony
    • EPSS Score: %0.22
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-16639

    Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.... Read more

    Affected Products : tor_browser windows
    • EPSS Score: %0.74
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16632

    In SapphireIMS 4097_1, the password in the database is stored in Base64 format.... Read more

    Affected Products : sapphireims
    • EPSS Score: %0.15
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results