Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2017-16557

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-16556

    In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16555

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16554

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16553

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16552

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-16551

    K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16550

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16549

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-16514

    Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that get... Read more

    Affected Products : websitebaker
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16512

    The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.... Read more

    Affected Products : vagrant_vmware_fusion
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-16356

    Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption par... Read more

    Affected Products : simple_image_gallery_extended
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-16349

    An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An a... Read more

    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-16348

    An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerabi... Read more

    Affected Products : insteon_hub_firmware insteon_hub
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16347

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes ... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16346

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, s... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16345

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, s... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16344

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, s... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16343

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16342

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results