Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-12264

    Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.... Read more

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12263

    portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.... Read more

    Affected Products : portfoliocms
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2018-12261

    An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2018-12260

    An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-12259

    An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-12258

    An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezvi... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2018-12257

    An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation ... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12256

    admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqm... Read more

    Affected Products : litecart
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12255

    An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field.... Read more

    Affected Products : invoiceplane
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12254

    router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.... Read more

    Affected Products : ek_rishta
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-12250

    An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.... Read more

    Affected Products : elite_cms
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12249

    An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.... Read more

    Affected Products : debian_linux mruby
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12248

    An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.... Read more

    Affected Products : mruby
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12247

    An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag).... Read more

    Affected Products : mruby
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12246

    Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A... Read more

    Affected Products : web_isolation
    • Published: Oct. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12245

    Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that ... Read more

    Affected Products : endpoint_protection
    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12244

    SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CS... Read more

    Affected Products : endpoint_protection
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12243

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The att... Read more

    Affected Products : messaging_gateway
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12242

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system... Read more

    Affected Products : messaging_gateway
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12241

    The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and... Read more

    Affected Products : security_analytics
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294121 Results