Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2018-11568

    Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations.... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-11567

    Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an addition... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-11565

    Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.... Read more

    Affected Products : mahara
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-11564

    Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it w... Read more

    Affected Products : pagekit
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-11563

    An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS custom... Read more

    Affected Products : debian_linux otrs
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11562

    An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.... Read more

    Affected Products : misp misp
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11561

    An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets.... Read more

    Affected Products : erc20token
    • Published: Aug. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11560

    The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.... Read more

    Affected Products : 2864-222_firmware 2864-222
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11559

    DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.... Read more

    Affected Products : domainmod
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11558

    DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.... Read more

    Affected Products : domainmod
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11557

    YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.... Read more

    Affected Products : easy_class_education_platform
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11556

    tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample p... Read more

    Affected Products : little_cms_color_engine little_cms
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11555

    tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using ... Read more

    Affected Products : little_cms_color_engine little_cms
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11554

    The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attacke... Read more

    Affected Products : yzmcms
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11553

    SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php.... Read more

    Affected Products : xiangyun_platform
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11552

    There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a brows... Read more

    Affected Products : axon_pbx
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-11551

    AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.... Read more

    Affected Products : axon_pbx
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11548

    An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.... Read more

    Affected Products : eos
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11547

    md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.... Read more

    Affected Products : md4c
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11546

    md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.... Read more

    Affected Products : md4c
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294206 Results