Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2018-11728

    The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor ha... Read more

    Affected Products : libfsntfs
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11727

    The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as... Read more

    Affected Products : libfsntfs
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11726

    The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11725

    The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11724

    The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11723

    The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed thi... Read more

    Affected Products : libpff
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11722

    WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.... Read more

    Affected Products : wuzhicms
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11720

    Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.... Read more

    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-11719

    Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.... Read more

    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11718

    Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.... Read more

    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11717

    An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartex... Read more

    Affected Products : manageengine_desktop_central
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11716

    An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cl... Read more

    Affected Products : manageengine_desktop_central
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11715

    The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.... Read more

    Affected Products : recent_threads
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11714

    An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /... Read more

    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11713

    WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As ... Read more

    Affected Products : webkitgtk\+ libsoup
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11712

    WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.... Read more

    Affected Products : webkitgtk\+
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11711

    A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that thi... Read more

    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11710

    soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situatio... Read more

    Affected Products : libopenmpt
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11709

    wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.... Read more

    Affected Products : wpforo_forum wpforo
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11707

    FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified oth... Read more

    Affected Products : image_viewer
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293961 Results