Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-14071

    The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input....

    Affected Products : geo_mashup geo_mashup
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-14069

    An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add....

    Affected Products : srcms
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-14068

    An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add....

    Affected Products : srcms
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14067

    Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by def...

    Affected Products : dv-360_firmware dv-360
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14066

    The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Inf...

    Affected Products : android infinix_x571 lenovo_a7020
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14065

    XMLReader.php in PHPOffice Common before 0.2.9 allows XXE....

    Affected Products : common
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14064

    The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80....

    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14063

    The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow....

    Affected Products : tracto
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2018-14062

    The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal....

    Affected Products : cospas-sarsat_system
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14060

    OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data....

    Affected Products : xiaomi_r3d_firmware xiaomi_r3d
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-14059

    Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions....

    Affected Products : pimcore
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-14058

    Pimcore before 5.3.0 allows SQL Injection via the REST web service API....

    Affected Products : pimcore
    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-14057

    Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function....

    Affected Products : pimcore
    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-14056

    ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories....

    Affected Products : debian_linux znc
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-14055

    ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf....

    Affected Products : debian_linux znc
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14054

    A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered....

    Affected Products : mp4v2 mp4v2
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-14052

    An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c....

    Affected Products : libwav
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-14051

    The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop....

    Affected Products : libwav
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-14050

    An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c....

    Affected Products : libwav
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-14049

    An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c....

    Affected Products : libwav
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024