Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2018-13384

    A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.... Read more

    Affected Products : fortios
    • Published: Jun. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-13381

    A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-ser... Read more

    Affected Products : fortios fortiproxy
    • Published: Jun. 04, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13380

    A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script ... Read more

    Affected Products : fortios fortiproxy
    • Published: Jun. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-13378

    An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.... Read more

    Affected Products : fortisiem
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-13376

    An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.... Read more

    Affected Products : fortios
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13375

    An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is ... Read more

    Affected Products : fortimanager fortianalyzer
    • Published: May. 28, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-13371

    An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.... Read more

    Affected Products : fortios
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-13368

    A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.... Read more

    Affected Products : forticlient
    • Published: May. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13367

    An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.... Read more

    Affected Products : fortios
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13366

    An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol.... Read more

    Affected Products : fortios
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13365

    An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.... Read more

    Affected Products : fortios
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-13361

    User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13360

    Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-13359

    Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-13358

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-13357

    Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-13356

    Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13355

    Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13354

    System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-13353

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294534 Results