Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2018-12250

    An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.... Read more

    Affected Products : elite_cms
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12249

    An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.... Read more

    Affected Products : debian_linux mruby
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12248

    An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.... Read more

    Affected Products : mruby
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12247

    An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag).... Read more

    Affected Products : mruby
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12246

    Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A... Read more

    Affected Products : web_isolation
    • Published: Oct. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12245

    Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that ... Read more

    Affected Products : endpoint_protection
    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12244

    SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CS... Read more

    Affected Products : endpoint_protection
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12243

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The att... Read more

    Affected Products : messaging_gateway
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12242

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system... Read more

    Affected Products : messaging_gateway
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12241

    The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and... Read more

    Affected Products : security_analytics
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-12240

    The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate cr... Read more

    Affected Products : norton_password_manager
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12239

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior t... Read more

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12238

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior t... Read more

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12237

    The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system pr... Read more

    Affected Products : reporter
    • Published: Jan. 24, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12234

    A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parame... Read more

    Affected Products : adrenalin
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12233

    In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-12232

    In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the fi... Read more

    Affected Products : linux_kernel
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12230

    An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.... Read more

    Affected Products : remicoin
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12229

    Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author f... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12228

    An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the da... Read more

    Affected Products : open_source asterisk
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294071 Results