Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2018-14031

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c....

    Affected Products : hdf5
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-14029

    CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field....

    Affected Products : witycms
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2018-14028

    In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads l...

    Affected Products : wordpress
    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-14027

    Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page....

    Affected Products : dg-hr-3300_firmware dg-hr-3300
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2018-14023

    Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage....

    Affected Products : signal signal-desktop
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-14020

    An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacke...

    Affected Products : paymorrow
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-14017

    The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_ja...

    Affected Products : radare2
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-14016

    The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file....

    Affected Products : radare2
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-14014

    In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd....

    Affected Products : super_cms
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-14013

    Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients....

    Affected Products : zimbra_collaboration_suite
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14012

    WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI....

    Affected Products : wolfsight_cms
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14010

    OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data....

    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14009

    Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689....

    Affected Products : codiad
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-14008

    Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled....

    Affected Products : eos
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14007

    Citrix XenServer 7.1 and newer allows Directory Traversal....

    Affected Products : xenserver
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-14006

    An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance....

    Affected Products : ngtoken
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-14005

    An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance....

    Affected Products : malaysiancoin
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-14004

    An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance....

    Affected Products : globecoin
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-14003

    An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance....

    Affected Products : wmctoken
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-14002

    An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance....

    Affected Products : mp3_coin
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294726 Results