Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2019-7403

    An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.... Read more

    Affected Products : phpmywind
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20587

    Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv... Read more

    Affected Products : bitcoin_knots bitcoin_core
    • Published: Feb. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12011

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.... Read more

    Affected Products : android
    • Published: Feb. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-0256

    Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted.... Read more

    Affected Products : business_one
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-0108

    Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.... Read more

    Affected Products : data_center_manager
    • Published: Feb. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-0111

    Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : data_center_manager
    • Published: Feb. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11820

    Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, ... Read more

    • Published: Feb. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11864

    Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ... Read more

    • Published: Feb. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-6547

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files.... Read more

    Affected Products : screeneditor
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-17955

    In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection... Read more

    Affected Products : yast2-multipath
    • Published: Mar. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-13103

    OX App Suite 7.8.4 and earlier allows SSRF.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10020

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.... Read more

    Affected Products : xpdf
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10025

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.... Read more

    Affected Products : xpdf
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10026

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.... Read more

    Affected Products : xpdf
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-15817

    FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.... Read more

    Affected Products : image_viewer
    • Published: Mar. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11958

    Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Vo... Read more

    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-4143

    The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.... Read more

    Affected Products : cloud_private
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-0876

    An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-6239

    NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all vers... Read more

    Affected Products : jetson_tx2
    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-1725

    A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI... Read more

    Affected Products : unified_computing_system
    • Published: Apr. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294690 Results