Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2018-10407

    An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that th... Read more

    Affected Products : carbon_black_cb
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10406

    An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code ... Read more

    Affected Products : osxcollector
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10405

    An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will beli... Read more

    Affected Products : santa
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10404

    An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the ... Read more

    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10403

    An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will belie... Read more

    Affected Products : xfence
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10393

    bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.... Read more

    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10392

    mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a craft... Read more

    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10389

    Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.... Read more

    Affected Products : open_tftp_server
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10388

    Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.... Read more

    Affected Products : open_tftp_server
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10387

    Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.... Read more

    Affected Products : open_tftp_server
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10383

    Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.... Read more

    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10382

    MODX Revolution 2.6.3 has XSS.... Read more

    Affected Products : modx_revolution
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10381

    TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly... Read more

    Affected Products : tunnelbear
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10380

    kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.... Read more

    Affected Products : debian_linux leap plasma
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10379

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.... Read more

    Affected Products : gitlab
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-10377

    PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.... Read more

    Affected Products : burp_suite
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10376

    An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exp... Read more

    Affected Products : smartmesh
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10375

    A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-T... Read more

    Affected Products : dedecms
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10374

    EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.... Read more

    Affected Products : easycms
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10373

    concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as ... Read more

    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293669 Results