Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-1000884

    Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can r... Read more

    Affected Products : vesta_control_panel
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000871

    HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear... Read more

    Affected Products : hoteldruid
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000881

    Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable v... Read more

    Affected Products : traccar server
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000875

    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to a... Read more

    • Published: Dec. 20, 2018
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000851

    Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicio... Read more

    Affected Products : copay_bitcoin_wallet
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000824

    MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.... Read more

    Affected Products : megamek
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000827

    Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.... Read more

    Affected Products : ubilling
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000810

    The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack app... Read more

    Affected Products : rust
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-21263

    In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2001-1125

    Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.... Read more

    Affected Products : liveupdate
    • Published: Oct. 05, 2001
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000800

    zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the ... Read more

    Affected Products : zephyr zephyr
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-21242

    In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000628

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-2930

    Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : solaris_cluster
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000620

    Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appe... Read more

    Affected Products : cryptiles
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000631

    Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or dele... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000627

    Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to t... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000626

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged A... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000616

    ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch... Read more

    Affected Products : onos
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000537

    Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file... Read more

    Affected Products : marlin_firmware
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292787 Results