Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2018-11256

    An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11255

    An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11254

    An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related... Read more

    Affected Products : podofo
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11251

    In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN ... Read more

    Affected Products : imagemagick
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11248

    util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.... Read more

    Affected Products : filedownloader
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11247

    The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.... Read more

    Affected Products : bwise
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11246

    K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.... Read more

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11245

    app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.... Read more

    Affected Products : misp
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-11244

    The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.... Read more

    Affected Products : bbe_theme
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11242

    An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com... Read more

    Affected Products : makemytrip
    • Published: May. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11241

    An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of... Read more

    Affected Products : t-router_firmware t-router
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11240

    An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main server... Read more

    Affected Products : t-router_firmware t-router
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11239

    An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large ... Read more

    Affected Products : hexagon
    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11237

    An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11236

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow ... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11235

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs ... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11233

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.... Read more

    Affected Products : ubuntu_linux git
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11232

    The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.... Read more

    Affected Products : linux_kernel
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-11231

    In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.... Read more

    Affected Products : divido
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11230

    jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.... Read more

    Affected Products : jbig2enc
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293946 Results