Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-12482

    OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.... Read more

    Affected Products : ocsinventory_ng
    • Published: Aug. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12481

    The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module.... Read more

    Affected Products : the_olive_tree_ftp_server
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12480

    Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.... Read more

    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12479

    A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.... Read more

    Affected Products : open_build_service
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12478

    A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.... Read more

    Affected Products : open_build_service
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12477

    A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions pr... Read more

    Affected Products : leap open_build_service
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12476

    Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed... Read more

    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12475

    A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data tha... Read more

    Affected Products : open_build_service
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12474

    Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE... Read more

    Affected Products : open_build_service tar_scm
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12473

    A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are ope... Read more

    Affected Products : open_build_service
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-12472

    A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.... Read more

    Affected Products : subscription_management_tool
    • Published: Oct. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-12471

    A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.... Read more

    Affected Products : subscription_management_tool
    • Published: Oct. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12470

    A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.... Read more

    Affected Products : subscription_management_tool
    • Published: Oct. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12469

    Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 ... Read more

    • Published: Oct. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-12468

    A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in ... Read more

    Affected Products : groupwise
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12467

    Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.... Read more

    Affected Products : open_build_service
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12466

    openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.... Read more

    Affected Products : open_build_service
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-12465

    An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited i... Read more

    Affected Products : secure_messaging_gateway
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-12464

    A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create a... Read more

    Affected Products : secure_messaging_gateway
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12463

    An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML re... Read more

    Affected Products : fortify_software_security_center
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294209 Results