Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2018-10353

    A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is requi... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10352

    A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerabilit... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10351

    A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerabilit... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10350

    A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs... Read more

    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10329

    app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.... Read more

    Affected Products : phpipam
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2018-10328

    Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.... Read more

    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2018-10327

    PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.... Read more

    Affected Products : printeron
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10326

    PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to prin... Read more

    Affected Products : printeron
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10323

    The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10322

    The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.... Read more

    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10321

    Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10320

    Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10319

    Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10318

    Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10316

    Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.... Read more

    Affected Products : netwide_assembler nasm
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10314

    Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scrip... Read more

    Affected Products : open-audit
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10310

    A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.... Read more

    Affected Products : cookie_consent
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10309

    The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.... Read more

    Affected Products : responsive_cookie_consent
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10307

    error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.... Read more

    Affected Products : ilias
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10306

    Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.... Read more

    Affected Products : ilias
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293633 Results