Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2018-11036

    Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.... Read more

    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11035

    In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.... Read more

    Affected Products : 2345_security_guard security_guard
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11034

    In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.... Read more

    Affected Products : 2345_security_guard security_guard
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11033

    The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.... Read more

    Affected Products : xpdf
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11032

    PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.... Read more

    Affected Products : phprap
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11031

    application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.... Read more

    Affected Products : phprap
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11027

    A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : icx7450-48_firmware icx7450-48
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11025

    kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11024

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a ke... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11023

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a ke... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11022

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a ker... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11021

    kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause ... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-11020

    kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a ... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11019

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a ker... Read more

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11018

    An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.... Read more

    Affected Products : pbootcms
    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11017

    The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or po... Read more

    Affected Products : libming
    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11013

    Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.... Read more

    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11012

    ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.... Read more

    Affected Products : halo
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11011

    ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.... Read more

    Affected Products : halo
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11010

    A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.... Read more

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293942 Results