Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-16632

    In SapphireIMS 4097_1, the password in the database is stored in Base64 format.... Read more

    Affected Products : sapphireims
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16631

    In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.... Read more

    Affected Products : sapphireims
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16630

    In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.... Read more

    Affected Products : sapphireims
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16629

    In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Ple... Read more

    Affected Products : sapphireims
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16614

    SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.... Read more

    Affected Products : tpshop
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16610

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue res... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16609

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue r... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16608

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from ... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16607

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue ... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16606

    This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing au... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16605

    This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication me... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16604

    This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication me... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16603

    This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing au... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16602

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mecha... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16601

    This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication me... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16600

    This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ca... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16599

    This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mecha... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-16598

    This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16597

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pr... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-16596

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authenticati... Read more

    Affected Products : enterprise_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293238 Results