Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-10759

    PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.

    Affected Products : projectpier
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10758

    The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.

    Affected Products : yellow
    • Published: May. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10757

    CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.

    Affected Products : csp_mysql_user_manager
    • Published: May. 05, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10756

    Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

    Affected Products : fedora debian_linux transmission
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10753

    Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

    Affected Products : fedora debian_linux abcm2ps
    • Published: May. 05, 2018
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2018-10752

    The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.

    Affected Products : tagregator
    • Published: May. 05, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10751

    A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-20...

    Affected Products : samsung_mobile
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-10750

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause ...

    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2018-10749

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corr...

    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2018-10748

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corrupti...

    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2018-10747

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corru...

    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2018-10746

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corru...

    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10740

    Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.

    Affected Products : axublog
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-10739

    An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is not properly considered.

    Affected Products : 2345_security_guard
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2018-10738

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.

    Affected Products : nagios_xi
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2018-10737

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.

    Affected Products : nagios_xi
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2018-10736

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.

    Affected Products : nagios_xi
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2018-10735

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.

    Affected Products : nagios_xi
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10734

    KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.

    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10733

    There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293649 Results