Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-11515

    The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.... Read more

    Affected Products : wpforo
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11514

    PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.... Read more

    Affected Products : naukri_clone_script
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-11512

    Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by do... Read more

    Affected Products : witycms
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11511

    The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.... Read more

    Affected Products : data_master asustor_data_master
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11510

    The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.... Read more

    Affected Products : data_master adm
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11509

    ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.... Read more

    Affected Products : data_master asustor_data_master
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11508

    The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11507

    An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.... Read more

    Affected Products : flif
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11506

    The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at t... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11505

    The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.... Read more

    Affected Products : werewolf_online
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11504

    The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.... Read more

    Affected Products : debian_linux discount
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11503

    The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.... Read more

    Affected Products : debian_linux discount
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11502

    An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.... Read more

    Affected Products : moderator_log_notes
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11501

    PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.... Read more

    Affected Products : website_seller_script
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11500

    An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.... Read more

    Affected Products : publiccms
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11499

    A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.... Read more

    Affected Products : libsass
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11498

    In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to c... Read more

    Affected Products : lizard lz5
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11496

    In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.... Read more

    Affected Products : debian_linux long_range_zip
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-11495

    OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.... Read more

    Affected Products : opencart
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2018-11494

    The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret... Read more

    Affected Products : opencart
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293947 Results