Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2018-12468

    A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in ... Read more

    Affected Products : groupwise
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12467

    Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.... Read more

    Affected Products : open_build_service
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12466

    openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.... Read more

    Affected Products : open_build_service
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-12465

    An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited i... Read more

    Affected Products : secure_messaging_gateway
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-12464

    A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create a... Read more

    Affected Products : secure_messaging_gateway
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12463

    An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML re... Read more

    Affected Products : fortify_software_security_center
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12462

    NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.... Read more

    Affected Products : imanager
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12461

    Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.... Read more

    Affected Products : edirectory
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12460

    libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.... Read more

    Affected Products : ffmpeg
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12459

    An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.... Read more

    Affected Products : ffmpeg
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12458

    An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.... Read more

    Affected Products : debian_linux ffmpeg
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12457

    expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.... Read more

    Affected Products : expresscart express-cart
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12456

    Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote acces... Read more

    Affected Products : nplug_firmware nplug
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-12455

    Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.... Read more

    Affected Products : nplug_firmware nplug
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12454

    The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read wi... Read more

    Affected Products : 1000_guess
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12453

    Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.... Read more

    Affected Products : redis
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12449

    The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.... Read more

    Affected Products : whale whale_browser_installer
    • Published: Oct. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-12448

    Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.... Read more

    Affected Products : whale
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12447

    The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.... Read more

    Affected Products : libbpg
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2018-12446

    An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authentica... Read more

    Affected Products : dropbox
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294116 Results