Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-11545

    md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.... Read more

    Affected Products : md4c
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11544

    The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and p... Read more

    Affected Products : ftp_server
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11543

    A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build... Read more

    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11542

    A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to ... Read more

    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11541

    A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Bui... Read more

    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11538

    servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.... Read more

    Affected Products : searchblox
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11537

    Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.... Read more

    Affected Products : angular-jwt
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11536

    md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.... Read more

    Affected Products : md4c
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11535

    An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.... Read more

    Affected Products : slac
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11532

    An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.... Read more

    Affected Products : changuondyu_advanced_statistics
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11531

    Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.... Read more

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2018-11529

    VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.... Read more

    Affected Products : debian_linux vlc_media_player
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11527

    An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.... Read more

    Affected Products : cscms cscms
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11526

    The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.... Read more

    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11525

    The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.... Read more

    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11523

    upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.... Read more

    Affected Products : nvrmini_2_firmware nvrmini_2 nvrmini_2
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11522

    Yosoro 1.0.4 has stored XSS.... Read more

    Affected Products : yosoro
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-11518

    A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are acc... Read more

    Affected Products : legacy_ivr_firmware legacy_ivr
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-11517

    mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.... Read more

    Affected Products : mypro
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11516

    The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf fil... Read more

    Affected Products : vlc_media_player
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293947 Results