Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2018-12440

    BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on ... Read more

    Affected Products : boringssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12439

    MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machin... Read more

    Affected Products : matrixssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12438

    The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local ma... Read more

    Affected Products : libsunec
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12437

    LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine ... Read more

    Affected Products : op-tee libtomcrypt
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12436

    wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a di... Read more

    Affected Products : wolfssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-12435

    Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the a... Read more

    Affected Products : botan
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12434

    LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a differe... Read more

    Affected Products : libressl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12433

    cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on ... Read more

    Affected Products : cryptlib
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12432

    JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.... Read more

    Affected Products : javamelody javamelody
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-12431

    SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).... Read more

    Affected Products : seacms
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12429

    JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.... Read more

    Affected Products : jeesns
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12426

    The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jp... Read more

    Affected Products : live_chat wp_live_chat_support_pro
    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12423

    In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.... Read more

    Affected Products : synapse
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12422

    addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes... Read more

    Affected Products : evolution
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12421

    LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a st... Read more

    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12420

    IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.... Read more

    Affected Products : icehrm
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12418

    Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.... Read more

    Affected Products : junrar
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12416

    The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBC... Read more

    Affected Products : datasynapse_gridserver_manager
    • Published: Nov. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12415

    The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which ma... Read more

    Affected Products : enterprise_message_service
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12414

    The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Develo... Read more

    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294273 Results