Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-11438

    The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11437

    The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11436

    The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11435

    The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11434

    The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11433

    The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11432

    The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.... Read more

    Affected Products : libmobi
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11430

    An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.... Read more

    Affected Products : moderator_log_notes
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11429

    ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.... Read more

    Affected Products : atlant
    • Published: Jul. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11427

    CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11426

    A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions ex... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11425

    Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11424

    There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11423

    There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11422

    Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11421

    Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted an... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11420

    There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.... Read more

    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11419

    An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.... Read more

    Affected Products : jerryscript
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11418

    An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.... Read more

    Affected Products : jerryscript
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11416

    jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.... Read more

    Affected Products : jpegoptim
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294316 Results