Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2018-11093

    Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.... Read more

    Affected Products : ckeditor ckeditor_5-link
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11092

    An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.... Read more

    Affected Products : admin_notes
    • Published: May. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-11091

    An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is a... Read more

    Affected Products : myprocurenet
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11090

    An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.... Read more

    Affected Products : myprocurenet
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11088

    Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able ... Read more

    Affected Products : pivotal_application_service
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11086

    Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to acce... Read more

    Affected Products : pivotal_application_service
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-11084

    Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service fo... Read more

    Affected Products : garden-runc
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2018-11083

    Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh ... Read more

    Affected Products : bosh
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11082

    Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to log... Read more

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11081

    Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote... Read more

    Affected Products : operations_manager
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11080

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to uti... Read more

    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11079

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file... Read more

    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11078

    Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.... Read more

    Affected Products : emc_vplex_geosynchrony
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-11077

    'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A... Read more

    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11076

    Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be lea... Read more

    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2018-11075

    RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially explo... Read more

    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11074

    RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tric... Read more

    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11073

    RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code thr... Read more

    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11072

    Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.... Read more

    Affected Products : digital_delivery
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11071

    Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated rem... Read more

    Affected Products : isilon_onefs isilonsd_edge
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293673 Results