Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2018-11007

    A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11006

    An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-11005

    A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53....

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11004

    An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add....

    Affected Products : sdcms
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-11003

    An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel....

    Affected Products : yxcms
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-11002

    Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions....

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10999

    An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read....

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10998

    An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call....

    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10997

    Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword....

    Affected Products : etereweb
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10996

    The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable....

    Affected Products : dir-629-b_firmware dir-629-b
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-10995

    SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields)....

    Affected Products : debian_linux slurm
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-10994

    js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL....

    Affected Products : signal signal-desktop
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10992

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --...

    Affected Products : lilypond
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2018-10990

    On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later ...

    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 6.6

    MEDIUM
    CVE-2018-10989

    Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to byp...

    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10988

    An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard...

    Affected Products : diqee360_firmware diqee360
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024
  • 8.5

    HIGH
    CVE-2018-10987

    An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuu...

    Affected Products : diqee360_firmware diqee360
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10986

    OX Guard 2.8.0 has CSRF....

    Affected Products : ox_guard
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10982

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deli...

    Affected Products : debian_linux xen
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10981

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request....

    Affected Products : debian_linux xen
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293940 Results