Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-11418

    An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.

    Affected Products : jerryscript
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11416

    jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

    Affected Products : jpegoptim
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-11415

    SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

    Affected Products : internet_transaction_server
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11414

    An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.

    Affected Products : bearadmin
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-11413

    An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configu...

    Affected Products : bearadmin
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2018-11412

    In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedica...

    Affected Products : linux_kernel ubuntu_linux
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-11411

    The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorre...

    Affected Products : dimoncoin
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11410

    An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

    Affected Products : ubuntu_linux liblouis
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-11409

    Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

    Affected Products : splunk
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-11408

    The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a containe...

    Affected Products : debian_linux symfony
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11407

    An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, whi...

    Affected Products : symfony
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11406

    An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavio...

    Affected Products : debian_linux symfony
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11405

    Kliqqi 2.0.2 has CSRF in admin/admin_users.php.

    Affected Products : kliqqi_cms
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-11404

    DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.

    Affected Products : domainmod
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-11403

    DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.

    Affected Products : domainmod
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.6

    MEDIUM
    CVE-2018-11402

    SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.

    Affected Products : u9k-kp1000_firmware u9k-kp1000
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2018-11401

    In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.

    Affected Products : u9k-bs1000_firmware u9k-bs1000
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2018-11400

    In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.

    Affected Products : u9k-bs1000_firmware u9k-bs1000
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2018-11399

    SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.

    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-11396

    ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

    Affected Products : epiphany
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024