Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.0

    HIGH
    CVE-2018-12710

    An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the a...

    Affected Products : dir-601_firmware dir-601
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12706

    DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.

    Affected Products : dg-br4000ng_firmware dg-br4000ng
    • Published: Jun. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12705

    DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).

    Affected Products : dg-br4000ng_firmware dg-br4000ng
    • Published: Jun. 24, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12703

    The approveAndCallcode function of a smart contract implementation for Block 18 (18T), a tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call...

    Affected Products : block18
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12702

    The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spende...

    Affected Products : globalvillage_ecosystem
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12699

    finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objd...

    Affected Products : ubuntu_linux binutils
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12698

    demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur du...

    Affected Products : ubuntu_linux binutils
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12697

    A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

    Affected Products : ubuntu_linux binutils
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12696

    mao10cms 6 allows XSS via the article page.

    Affected Products : mao10cms
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12695

    mao10cms 6 allows XSS via the m=bbs&a=index page.

    Affected Products : mao10cms
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-12694

    TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2018-12693

    Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12692

    TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2018-12691

    Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

    Affected Products : onos
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12689

    phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.

    Affected Products : phpldapadmin phpldapadmin
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12688

    tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.

    Affected Products : tinyexr
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12687

    tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.

    Affected Products : tinyexr
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2018-12684

    Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

    Affected Products : civetweb
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12680

    The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example colle...

    Affected Products : coapthon
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12679

    The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when th...

    Affected Products : coapthon3
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294261 Results