Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-17840

    SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.... Read more

    Affected Products : education_website
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17825

    An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.... Read more

    Affected Products : fedora adplug
    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17570

    utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.... Read more

    Affected Products : viabtc_exchange_server
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17608

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects... Read more

    Affected Products : phantompdf reader
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17609

    Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects... Read more

    Affected Products : phantompdf reader
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17573

    The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html,... Read more

    Affected Products : wp-insert
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17568

    utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.... Read more

    Affected Products : viabtc_exchange_server
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17564

    A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.... Read more

    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17538

    Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability... Read more

    Affected Products : evidence_sync
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36048

    QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.... Read more

    Affected Products : fedora qt
    • Published: May. 18, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2003-0174

    The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.... Read more

    Affected Products : irix
    • Published: May. 12, 2003
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-17448

    An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.... Read more

    Affected Products : netscaler_sd-wan sd-wan
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17446

    A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.... Read more

    Affected Products : netscaler_sd-wan sd-wan
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17428

    An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.... Read more

    Affected Products : opac_easyweb_five
    • Published: Oct. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17398

    SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.... Read more

    Affected Products : amgallery
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17399

    SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.... Read more

    Affected Products : jimtawl
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17394

    SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.... Read more

    Affected Products : timetable_schedule
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17393

    SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.... Read more

    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17412

    zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.... Read more

    Affected Products : zzcms
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17384

    SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.... Read more

    Affected Products : swap_factory
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292797 Results