Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-12930

    ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a craft... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12929

    ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12928

    In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12927

    Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.... Read more

    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12926

    Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.... Read more

    Affected Products : pharos_firmware pharos
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-12925

    Baseon Lantronix MSS devices do not require a password for TELNET access.... Read more

    Affected Products : mss_firmware mss
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-12924

    Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.... Read more

    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12923

    BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.... Read more

    Affected Products : ha_bridge
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12922

    Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.... Read more

    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12921

    Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.... Read more

    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12920

    Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI.... Read more

    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12919

    In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.... Read more

    Affected Products : craftedweb
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12918

    In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.... Read more

    Affected Products : pbc
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12917

    In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.... Read more

    Affected Products : pbc
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12916

    In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.... Read more

    Affected Products : pbc
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12915

    In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.... Read more

    Affected Products : pbc
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12914

    A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .j... Read more

    Affected Products : publiccms
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12913

    In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.... Read more

    Affected Products : miniz
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-12912

    An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.... Read more

    Affected Products : hongcms
    • Published: Jun. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12911

    WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.... Read more

    Affected Products : ubuntu_linux webkitgtk\+
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294296 Results