Latest CVE Feed
-
8.1 HIGH
CVE-2018-12579
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x b...
Affected Products: eshop
- Published: Aug. 20, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-12578
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
Affected Products: sam2p
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-12577
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.
- Published: Jul. 02, 2018
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2018-12576
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.
- Published: Jul. 02, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-12575
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.
- Published: Jul. 02, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-12574
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
- Published: Jul. 02, 2018
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2018-12572
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
Affected Products: free_antivirus
- Published: Mar. 21, 2019
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-12571
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic...
Affected Products: forefront_unified_access_gateway
- Published: Jul. 05, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yam...
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.
Affected Products: lava
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected s...
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-12561
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2018-12560
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-12559
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home direct...
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-12558
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("...
Affected Products: \
- Published: Jun. 20, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-12557
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items...
Affected Products: zuul
- Published: Jun. 19, 2018
- Modified: Nov. 21, 2024
-
5.9 MEDIUM
CVE-2018-12556
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which all...
Affected Products: website
- Published: May. 16, 2019
- Modified: Nov. 21, 2024
-
8.1 HIGH
CVE-2018-12551
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no passw...
Affected Products: mosquitto
- Published: Mar. 27, 2019
- Modified: Nov. 21, 2024
-
8.1 HIGH
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow p...
Affected Products: mosquitto
- Published: Mar. 27, 2019
- Modified: Nov. 21, 2024