Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2018-13435

    An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this ... Read more

    Affected Products : line
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2018-13434

    An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUse... Read more

    Affected Products : line
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13433

    Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.... Read more

    Affected Products : boostnote boostnote
    • Published: Jul. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13423

    admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.... Read more

    Affected Products : omeka
    • Published: Jul. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13422

    TCExam before 14.1.2 has XSS via an ff_ or xl_ field.... Read more

    Affected Products : tcexam
    • Published: Jul. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13421

    Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.... Read more

    Affected Products : fast-cpp-csv-parser
    • Published: Jul. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-13420

    Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program... Read more

    Affected Products : gperftools gperftools
    • Published: Jul. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13419

    An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue... Read more

    Affected Products : libsndfile
    • Published: Jul. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-13418

    System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13417

    In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the fil... Read more

    Affected Products : bittorrent_client
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13416

    In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the... Read more

    Affected Products : universal_media_server
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13415

    In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the file... Read more

    Affected Products : media_server plex_media_server
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-13412

    An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.... Read more

    Affected Products : manageengine_desktop_central
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-13411

    An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.... Read more

    Affected Products : manageengine_desktop_central
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13410

    Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether t... Read more

    Affected Products : zip
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13409

    An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.... Read more

    Affected Products : jirafeau
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13408

    An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.... Read more

    Affected Products : jirafeau
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-13407

    A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.... Read more

    Affected Products : jirafeau
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-13406

    An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-13405

    The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of... Read more

    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294504 Results