Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-15439

    A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected so...

    • EPSS Score: 1.26%
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-6491

    Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.

    Affected Products : ucmdb_configuration_manager
    • EPSS Score: 0.14%
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19196

    An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonst...

    Affected Products : xiaocms_x1 xiaocms
    • EPSS Score: 0.59%
    • Published: Nov. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19220

    An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.

    Affected Products : laobancms
    • EPSS Score: 0.99%
    • Published: Nov. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19222

    An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.

    Affected Products : laobancms
    • EPSS Score: 0.51%
    • Published: Nov. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-5495

    All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.

    Affected Products : storagegrid_webscale
    • EPSS Score: 0.74%
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19281

    Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.

    Affected Products : centreon
    • EPSS Score: 0.22%
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-0684

    Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data forma...

    Affected Products : debun_imap debun_pop
    • EPSS Score: 6.74%
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7359

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.

    Affected Products : zxhn_f670_firmware zxhn_f670
    • EPSS Score: 0.81%
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18763

    SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.

    Affected Products : saltos
    • EPSS Score: 3.03%
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18795

    School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

    Affected Products : school_event_management_system
    • EPSS Score: 3.03%
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18796

    Library Management System 1.0 has SQL Injection via the "Search for Books" screen.

    Affected Products : library_management_system
    • EPSS Score: 0.25%
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18801

    The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].

    Affected Products : bsen_ordering_software
    • EPSS Score: 3.03%
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18805

    Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

    Affected Products : pointofsales
    • EPSS Score: 4.71%
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19355

    modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (fo...

    Affected Products : prestashop customer_files_upload
    • EPSS Score: 11.02%
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-9207

    Arbitrary file upload in jQuery Upload File <= 4.0.2...

    Affected Products : jquery_upload_file
    • EPSS Score: 28.55%
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-9209

    Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2...

    Affected Products : php-traditional-server
    • EPSS Score: 1.94%
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-16223

    Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.

    Affected Products : qbeecam
    • EPSS Score: 0.80%
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19410

    PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directi...

    Affected Products : prtg_network_monitor
    • Actively Exploited
    • EPSS Score: 93.12%
    • Published: Nov. 21, 2018
    • Modified: Mar. 14, 2025
  • 9.8

    CRITICAL
    CVE-2018-19548

    index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.

    Affected Products : edusec
    • EPSS Score: 0.40%
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291775 Results