Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2018-12979

    An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.... Read more

    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12977

    A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" sectio... Read more

    Affected Products : excellence_suite
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12976

    In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.... Read more

    Affected Products : go_doc_dot_org
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12975

    The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getSt... Read more

    Affected Products : cryptosaga
    • Published: Sep. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12973

    An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.... Read more

    Affected Products : opentsdb
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12972

    An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.... Read more

    Affected Products : opentsdb
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12971

    EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.... Read more

    Affected Products : easycms
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12959

    The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).... Read more

    Affected Products : aditustoken
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12944

    Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.... Read more

    Affected Products : seeddms
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12943

    Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : seeddms
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12942

    SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application... Read more

    Affected Products : seeddms
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12941

    This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an a... Read more

    Affected Products : seeddms
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12940

    Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter.... Read more

    Affected Products : seeddms
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12939

    A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be ... Read more

    Affected Products : seeddms
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12934

    remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.... Read more

    Affected Products : binutils
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12933

    PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.... Read more

    Affected Products : wine
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12932

    PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.... Read more

    Affected Products : wine
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12931

    ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs file... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12930

    ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a craft... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12929

    ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294714 Results