Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2018-12625

    An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12624

    An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.

    Affected Products : eventum
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12623

    An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12622

    An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12621

    An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.

    Affected Products : eventum
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12617

    qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vul...

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12615

    An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are act...

    Affected Products : passenger
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12613

    An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an i...

    Affected Products : phpmyadmin
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12611

    OX App Suite 7.8.4 and earlier allows Directory Traversal.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12610

    OX App Suite 7.8.4 and earlier allows Information Exposure.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-12609

    OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12608

    An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated c...

    Affected Products : docker moby
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12607

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

    Affected Products : gitlab
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12606

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

    Affected Products : gitlab
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-12605

    An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

    Affected Products : gitlab
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12604

    GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.

    Affected Products : greencms
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12603

    Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.

    Affected Products : lfcms
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12602

    A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.

    Affected Products : lfcms
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12601

    There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

    Affected Products : debian_linux sam2p
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12600

    In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

    Affected Products : ubuntu_linux debian_linux imagemagick
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294264 Results