Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-12754

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the curren...

    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12739

    In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266....

    Affected Products : beescms
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12735

    SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI....

    Affected Products : saj_solar_inverter
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2018-12716

    The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging ...

    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12715

    DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged....

    Affected Products : dg-hr3400_firmware dg-hr3400
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12714

    An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index inval...

    Affected Products : linux_kernel
    • Published: Jun. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-12713

    GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to o...

    Affected Products : gimp
    • Published: Jun. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-12712

    An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File In...

    Affected Products : joomla\!
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12711

    An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbi...

    Affected Products : joomla\!
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2018-12710

    An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the a...

    Affected Products : dir-601_firmware dir-601
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12706

    DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header....

    Affected Products : dg-br4000ng_firmware dg-br4000ng
    • Published: Jun. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12705

    DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side)....

    Affected Products : dg-br4000ng_firmware dg-br4000ng
    • Published: Jun. 24, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12703

    The approveAndCallcode function of a smart contract implementation for Block 18 (18T), a tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call...

    Affected Products : block18
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12702

    The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spende...

    Affected Products : globalvillage_ecosystem
    • Published: Jun. 25, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12699

    finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objd...

    Affected Products : ubuntu_linux binutils
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12698

    demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur du...

    Affected Products : ubuntu_linux binutils
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-12697

    A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump....

    Affected Products : ubuntu_linux binutils
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12696

    mao10cms 6 allows XSS via the article page....

    Affected Products : mao10cms
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-12695

    mao10cms 6 allows XSS via the m=bbs&a=index page....

    Affected Products : mao10cms
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-12694

    TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json....

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294503 Results