Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-7103

    Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6443

    Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.... Read more

    Affected Products : tmnet_webconfig
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6430

    The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.... Read more

    Affected Products : ettercap ettercap
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6429

    Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.... Read more

    Affected Products : tcpreplay tcpreplay
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-6189

    Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.... Read more

    Affected Products : kindle_for_pc
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5580

    The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.... Read more

    Affected Products : virglrenderer
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5579

    Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operatio... Read more

    Affected Products : debian_linux qemu
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5578

    Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_... Read more

    Affected Products : qemu
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5552

    Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BA... Read more

    Affected Products : qemu
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-5537

    The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.... Read more

    Affected Products : weblate
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5526

    Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.... Read more

    Affected Products : debian_linux qemu
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5525

    Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.... Read more

    Affected Products : debian_linux qemu
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5496

    Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.... Read more

    Affected Products : sawmill
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5359

    EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.... Read more

    Affected Products : sql_iplug
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5358

    Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.... Read more

    Affected Products : easycom_for_php
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10197

    The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.... Read more

    Affected Products : debian_linux libevent
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10196

    Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argumen... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10195

    The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.... Read more

    Affected Products : debian_linux libevent
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-10168

    Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.... Read more

    Affected Products : libgd
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10167

    The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.... Read more

    Affected Products : libgd
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293589 Results