Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2018-12635

    CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.

    Affected Products : scada
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12634

    CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.

    Affected Products : circarlife_scada scada
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2018-12633

    An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user th...

    Affected Products : linux_kernel
    • Published: Jun. 22, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12632

    Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.

    Affected Products : redatam
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12631

    Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.

    Affected Products : redatam
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12630

    NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.

    Affected Products : nmcms
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12628

    An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12627

    An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12626

    An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12625

    An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12624

    An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.

    Affected Products : eventum
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12623

    An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12622

    An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.

    Affected Products : eventum
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12621

    An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.

    Affected Products : eventum
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12617

    qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vul...

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12615

    An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are act...

    Affected Products : passenger
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12613

    An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an i...

    Affected Products : phpmyadmin
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12611

    OX App Suite 7.8.4 and earlier allows Directory Traversal.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-12610

    OX App Suite 7.8.4 and earlier allows Information Exposure.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-12609

    OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

    Affected Products : open-xchange_appsuite
    • Published: Jan. 30, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294273 Results