Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2018-12436

    wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a di... Read more

    Affected Products : wolfssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-12435

    Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the a... Read more

    Affected Products : botan
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12434

    LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a differe... Read more

    Affected Products : libressl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12433

    cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on ... Read more

    Affected Products : cryptlib
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12432

    JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.... Read more

    Affected Products : javamelody javamelody
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-12431

    SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).... Read more

    Affected Products : seacms
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12429

    JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.... Read more

    Affected Products : jeesns
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12426

    The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jp... Read more

    Affected Products : live_chat wp_live_chat_support_pro
    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12423

    In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.... Read more

    Affected Products : synapse
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12422

    addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes... Read more

    Affected Products : evolution
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12421

    LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a st... Read more

    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12420

    IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.... Read more

    Affected Products : icehrm
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12418

    Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.... Read more

    Affected Products : junrar
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12416

    The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBC... Read more

    Affected Products : datasynapse_gridserver_manager
    • Published: Nov. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12415

    The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which ma... Read more

    Affected Products : enterprise_message_service
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12414

    The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Develo... Read more

    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12413

    The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition cont... Read more

    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12412

    The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery ... Read more

    Affected Products : ftl
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12411

    The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cr... Read more

    Affected Products : activespaces
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12410

    The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permiss... Read more

    Affected Products : spotfire_statistics_services
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294209 Results