Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2018-11019

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a ker...

    Affected Products : fire_os kindle_fire_hd
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11018

    An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.

    Affected Products : pbootcms
    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11017

    The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or po...

    Affected Products : libming
    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11013

    Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.

    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-11012

    ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.

    Affected Products : halo
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-11011

    ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.

    Affected Products : halo
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-11010

    A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-11009

    A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-11008

    An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-11007

    A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11006

    An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-11005

    A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-11004

    An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.

    Affected Products : sdcms
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-11003

    An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.

    Affected Products : yxcms
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-11002

    Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10999

    An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10998

    An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10997

    Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.

    Affected Products : etereweb
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10996

    The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.

    Affected Products : dir-629-b_firmware dir-629-b
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2018-10995

    SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

    Affected Products : debian_linux slurm
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024