Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-11538

    servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.... Read more

    Affected Products : searchblox
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11537

    Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.... Read more

    Affected Products : angular-jwt
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11536

    md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.... Read more

    Affected Products : md4c
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11535

    An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.... Read more

    Affected Products : slac
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11532

    An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.... Read more

    Affected Products : changuondyu_advanced_statistics
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11531

    Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.... Read more

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2018-11529

    VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.... Read more

    Affected Products : debian_linux vlc_media_player
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11527

    An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.... Read more

    Affected Products : cscms cscms
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11526

    The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.... Read more

    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11525

    The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.... Read more

    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11523

    upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.... Read more

    Affected Products : nvrmini_2_firmware nvrmini_2 nvrmini_2
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11522

    Yosoro 1.0.4 has stored XSS.... Read more

    Affected Products : yosoro
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-11518

    A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are acc... Read more

    Affected Products : legacy_ivr_firmware legacy_ivr
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-11517

    mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.... Read more

    Affected Products : mypro
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11516

    The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf fil... Read more

    Affected Products : vlc_media_player
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11515

    The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.... Read more

    Affected Products : wpforo
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11514

    PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.... Read more

    Affected Products : naukri_clone_script
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-11512

    Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by do... Read more

    Affected Products : witycms
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11511

    The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.... Read more

    Affected Products : data_master asustor_data_master
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11510

    The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.... Read more

    Affected Products : data_master adm
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293961 Results