Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2018-11246

    K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.... Read more

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11245

    app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.... Read more

    Affected Products : misp
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-11244

    The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.... Read more

    Affected Products : bbe_theme
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11242

    An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com... Read more

    Affected Products : makemytrip
    • Published: May. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11241

    An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of... Read more

    Affected Products : t-router_firmware t-router
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11240

    An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main server... Read more

    Affected Products : t-router_firmware t-router
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11239

    An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large ... Read more

    Affected Products : hexagon
    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11237

    An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11236

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow ... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11235

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs ... Read more

    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11233

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.... Read more

    Affected Products : ubuntu_linux git
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11232

    The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.... Read more

    Affected Products : linux_kernel
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-11231

    In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.... Read more

    Affected Products : divido
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11230

    jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.... Read more

    Affected Products : jbig2enc
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11229

    Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).... Read more

    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11228

    Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).... Read more

    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11227

    Monstra CMS 3.0.4 and earlier has XSS via index.php.... Read more

    Affected Products : monstra_cms
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11226

    The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or p... Read more

    Affected Products : libming
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11225

    The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or poss... Read more

    Affected Products : libming
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11224

    An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.... Read more

    Affected Products : libav
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294353 Results