Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (i.e., on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-12630

    NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.

    Affected Products : nmcms
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12628

    An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12627

    An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12626

    An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12625

    An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12624

    An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.

    Affected Products : eventum
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12623

    An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12622

    An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12621

    An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.

    Affected Products : eventum
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12617

    qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vul...

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12615

    An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are act...

    Affected Products : passenger
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12613

    An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an i...

    Affected Products : phpmyadmin
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12611

    OX App Suite 7.8.4 and earlier allows Directory Traversal.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12610

    OX App Suite 7.8.4 and earlier allows Information Exposure.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-12609

    OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12608

    An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated c...

    Affected Products : docker moby
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12607

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

    Affected Products : gitlab
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12606

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

    Affected Products : gitlab
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12605

    An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

    Affected Products : gitlab
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12604

    GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.

    Affected Products : greencms
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294189 Results