Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-16592

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authenticati... Read more

    Affected Products : enterprise_manager
    • EPSS Score: %3.97
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16591

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authenticati... Read more

    Affected Products : enterprise_manager
    • EPSS Score: %3.97
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16590

    This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainF... Read more

    Affected Products : enterprise_manager
    • EPSS Score: %3.79
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16558

    Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.... Read more

    Affected Products : contao contao_cms
    • EPSS Score: %0.29
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16557

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-16556

    In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16555

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16554

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16553

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16552

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16551

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16550

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16549

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-16514

    Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that get... Read more

    Affected Products : websitebaker
    • EPSS Score: %0.24
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16512

    The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.... Read more

    Affected Products : vagrant_vmware_fusion
    • EPSS Score: %0.03
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-16356

    Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption par... Read more

    Affected Products : simple_image_gallery_extended
    • EPSS Score: %0.30
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-16349

    An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An a... Read more

    • EPSS Score: %0.33
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16348

    An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerabi... Read more

    Affected Products : insteon_hub_firmware insteon_hub
    • EPSS Score: %0.61
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16347

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes ... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • EPSS Score: %0.86
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16346

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, s... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • EPSS Score: %0.86
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results