Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-13006

    An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.... Read more

    Affected Products : ubuntu_linux gpac debian_linux
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13005

    An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.... Read more

    Affected Products : ubuntu_linux gpac debian_linux
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13003

    An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.... Read more

    Affected Products : opentsdb
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-13002

    An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` an... Read more

    Affected Products : cms_core_\&_grid
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13001

    An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application para... Read more

    Affected Products : cp\
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-13000

    An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing th... Read more

    Affected Products : advanced_electron_forum
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12999

    Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring ... Read more

    Affected Products : manageengine_desktop_central
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12998

    A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before bui... Read more

    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12997

    Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build ... Read more

    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12996

    A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.... Read more

    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12995

    onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.... Read more

    Affected Products : onefilecms
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12994

    onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.... Read more

    Affected Products : onefilecms
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12993

    onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.... Read more

    Affected Products : onefilecms
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-12992

    An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface.... Read more

    Affected Products : maelostore
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-12990

    phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.... Read more

    Affected Products : phpwcms
    • Published: Jun. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-12989

    The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.... Read more

    Affected Products : console_8 iqsystem_7
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12988

    GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.... Read more

    Affected Products : greencms greencms
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12984

    Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.... Read more

    Affected Products : hycus_cms
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12983

    A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.... Read more

    Affected Products : podofo
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12982

    Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.... Read more

    Affected Products : podofo
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294316 Results