Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2018-11693

    An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memo... Read more

    Affected Products : libsass
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11692

    An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that thi... Read more

    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11691

    Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue... Read more

    Affected Products : ve6046_firmware ve6046
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11690

    The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute scri... Read more

    Affected Products : gridbox
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11689

    Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)... Read more

    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11688

    Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the ... Read more

    Affected Products : openfire
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11687

    An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploi... Read more

    Affected Products : bitcoin_red
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11686

    The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.... Read more

    Affected Products : flexpaper
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11685

    Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.... Read more

    Affected Products : ubuntu_linux leap liblouis
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11684

    Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.... Read more

    Affected Products : ubuntu_linux leap liblouis
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11683

    Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.... Read more

    Affected Products : ubuntu_linux leap liblouis
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11682

    Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as ... Read more

    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11681

    Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The... Read more

    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11680

    An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.... Read more

    Affected Products : cmseasy
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11679

    An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.... Read more

    Affected Products : cmseasy
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11678

    plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.... Read more

    Affected Products : monstra monstra_cms
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11671

    An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.... Read more

    Affected Products : greencms
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11670

    An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.... Read more

    Affected Products : greencms
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11657

    ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.... Read more

    Affected Products : ngiflib
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11656

    In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293970 Results