Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-12426

    The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jp... Read more

    Affected Products : live_chat wp_live_chat_support_pro
    • EPSS Score: %10.59
    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12421

    LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a st... Read more

    • EPSS Score: %1.04
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12544

    In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type vali... Read more

    Affected Products : vert.x
    • EPSS Score: %0.64
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12410

    The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permiss... Read more

    Affected Products : spotfire_statistics_services
    • EPSS Score: %2.56
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12392

    When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.... Read more

    • EPSS Score: %3.92
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28201

    This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary ... Read more

    Affected Products : macos iphone_os tvos safari ipad_os ipados
    • EPSS Score: %3.98
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2018-12378

    A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Fire... Read more

    • EPSS Score: %2.71
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0918

    A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The... Read more

    Affected Products : pharmacy_management_system
    • EPSS Score: %0.08
    • Published: Feb. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12356

    An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures o... Read more

    Affected Products : simple_password_store
    • EPSS Score: %2.86
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48620

    uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.... Read more

    Affected Products : libeuv
    • EPSS Score: %0.62
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-12376

    Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox <... Read more

    • EPSS Score: %2.71
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48174

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.... Read more

    Affected Products : busybox
    • EPSS Score: %0.45
    • Published: Aug. 22, 2023
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2018-12295

    SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.... Read more

    Affected Products : nas_os
    • EPSS Score: %0.26
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46882

    A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.24
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2018-12377

    A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62,... Read more

    • EPSS Score: %2.71
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12292

    A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.... Read more

    Affected Products : pale_moon
    • EPSS Score: %11.83
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44640

    Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).... Read more

    Affected Products : samba heimdal
    • EPSS Score: %1.96
    • Published: Dec. 25, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2018-12113

    Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.... Read more

    Affected Products : core_ftp
    • EPSS Score: %16.48
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12171

    Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.... Read more

    • EPSS Score: %0.74
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12055

    Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.... Read more

    Affected Products : schools_alert_management_script
    • EPSS Score: %2.23
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292652 Results