Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-15882

    An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.

    Affected Products : joomla\!
    • EPSS Score: %0.70
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-15361

    UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

    Affected Products : ultravnc
    • EPSS Score: %1.33
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14667

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.a...

    Affected Products : enterprise_linux richfaces
    • Actively Exploited
    • EPSS Score: %87.94
    • Published: Nov. 06, 2018
    • Modified: Jan. 27, 2025
  • 9.8

    CRITICAL
    CVE-2018-14364

    GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

    Affected Products : gitlab
    • EPSS Score: %16.02
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-13871

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.

    Affected Products : hdf5
    • EPSS Score: %0.45
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-13866

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.

    Affected Products : hdf5
    • EPSS Score: %0.42
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-1352

    A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.

    Affected Products : fortios
    • EPSS Score: %0.50
    • Published: Feb. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-13379

    An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows a...

    Affected Products : fortios fortiproxy
    • Actively Exploited
    • EPSS Score: %94.47
    • Published: Jun. 04, 2019
    • Modified: Jan. 27, 2025
  • 9.8

    CRITICAL
    CVE-2018-13043

    scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.

    Affected Products : ubuntu_linux devscripts
    • EPSS Score: %1.28
    • Published: Jul. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12829

    Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.

    Affected Products : creative_cloud
    • EPSS Score: %2.10
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12804

    Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.

    Affected Products : connect
    • EPSS Score: %6.52
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12533

    JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData obje...

    Affected Products : richfaces
    • EPSS Score: %73.98
    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12474

    Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE...

    Affected Products : open_build_service tar_scm
    • EPSS Score: %0.38
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11407

    An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, whi...

    Affected Products : symfony
    • EPSS Score: %0.20
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11325

    An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator accoun...

    Affected Products : joomla\!
    • EPSS Score: %0.11
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10992

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --...

    Affected Products : lilypond
    • EPSS Score: %0.77
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10191

    In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use th...

    Affected Products : debian_linux mruby
    • EPSS Score: %1.36
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-46476

    D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.

    Affected Products : dir-859_a1_firmware dir-859_a1
    • EPSS Score: %62.91
    • Published: Jan. 19, 2023
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-3657

    A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulati...

    Affected Products : ac_repair_and_services_system
    • EPSS Score: %0.05
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-0608

    Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.

    Affected Products : h2o
    • EPSS Score: %2.57
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292016 Results