Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2018-12693

    Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12692

    TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2018-12691

    Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

    Affected Products : onos
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12689

    phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.

    Affected Products : phpldapadmin phpldapadmin
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12688

    tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.

    Affected Products : tinyexr
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12687

    tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.

    Affected Products : tinyexr
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2018-12684

    Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

    Affected Products : civetweb
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12680

    The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example colle...

    Affected Products : coapthon
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12679

    The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when th...

    Affected Products : coapthon3
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12678

    Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

    Affected Products : portainer
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12675

    The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2018-12674

    The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to...

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12673

    An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network i...

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12672

    The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to per...

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12671

    An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information c...

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12670

    SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12669

    SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi.

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12668

    SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password.

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12667

    The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability cou...

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12666

    SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identify users only by the authentication level sent in the cookies, which allows remote attackers to bypass authentication and gain administrator access by setting the authLevel c...

    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024