Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2018-10657

    Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.... Read more

    Affected Products : synapse
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10655

    DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).... Read more

    Affected Products : plug_and_play_auditor
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-10654

    There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10653

    There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10652

    There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10651

    There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10650

    There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10649

    There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10648

    There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10647

    SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferV... Read more

    Affected Products : safervpn
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10646

    CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed... Read more

    Affected Products : cyberghost
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10645

    Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The... Read more

    Affected Products : vyprvpn
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-10642

    Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig(... Read more

    Affected Products : itop
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-10641

    D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext.... Read more

    Affected Products : dir-601_firmware dir-600l
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10637

    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.... Read more

    Affected Products : v-server
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-10636

    CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack.... Read more

    Affected Products : cncsoft screeneditor
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10635

    In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may ... Read more

    Affected Products : cb3.1_firmware cb3.1
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10633

    Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller.... Read more

    Affected Products : cb3.1_firmware cb3.1
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10632

    In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.... Read more

    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10630

    For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access... Read more

    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293656 Results