Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2018-10359

    A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An at... Read more

    Affected Products : officescan
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2018-10358

    A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An at... Read more

    Affected Products : officescan
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10357

    A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulne... Read more

    Affected Products : endpoint_application_control
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10356

    A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is requir... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2018-10355

    An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user databa... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10354

    A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to e... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10353

    A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is requi... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10352

    A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerabilit... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10351

    A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerabilit... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10350

    A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs... Read more

    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10329

    app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.... Read more

    Affected Products : phpipam
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2018-10328

    Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.... Read more

    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2018-10327

    PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.... Read more

    Affected Products : printeron
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10326

    PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to prin... Read more

    Affected Products : printeron
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10323

    The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10322

    The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.... Read more

    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10321

    Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10320

    Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10319

    Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10318

    Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.... Read more

    Affected Products : frog_cms frogcms
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293639 Results