Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2018-11503

    The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.... Read more

    Affected Products : debian_linux discount
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11502

    An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.... Read more

    Affected Products : moderator_log_notes
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11501

    PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.... Read more

    Affected Products : website_seller_script
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11500

    An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.... Read more

    Affected Products : publiccms
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11499

    A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.... Read more

    Affected Products : libsass
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11498

    In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to c... Read more

    Affected Products : lizard lz5
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11496

    In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.... Read more

    Affected Products : debian_linux long_range_zip
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-11495

    OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.... Read more

    Affected Products : opencart
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2018-11494

    The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret... Read more

    Affected Products : opencart
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11492

    ASUS HG100 devices allow denial of service via an IPv4 packet flood.... Read more

    Affected Products : hg100_firmware hg100
    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11491

    ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.... Read more

    Affected Products : hg100_firmware hg100
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11490

    The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a den... Read more

    Affected Products : ubuntu_linux debian_linux giflib sam2p
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11489

    The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or ... Read more

    Affected Products : giflib sam2p
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11488

    A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.... Read more

    Affected Products : dtsearch
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11487

    PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.... Read more

    Affected Products : phpmywind
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11486

    An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and injec... Read more

    Affected Products : advance_search_for_woocommerce
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11485

    The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referra... Read more

    Affected Products : woocommerce_quick_reports
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11482

    /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11481

    TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11479

    The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and e... Read more

    Affected Products : windscribe
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294329 Results