Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2018-10219

    baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.... Read more

    Affected Products : baijiacms
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-10205

    hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.... Read more

    Affected Products : hyperstart
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10204

    PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRA... Read more

    Affected Products : purevpn
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10201

    An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL wi... Read more

    Affected Products : vspace_pro
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10199

    In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.... Read more

    Affected Products : mruby
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-10198

    An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.... Read more

    Affected Products : otrs
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10197

    There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerabi... Read more

    Affected Products : access_manager
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10196

    NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.... Read more

    Affected Products : ubuntu_linux fedora graphviz
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-10195

    lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.... Read more

    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10194

    The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application c... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10193

    LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.... Read more

    Affected Products : lastpass
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10192

    IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a thi... Read more

    Affected Products : ipvanish
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10191

    In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use th... Read more

    Affected Products : debian_linux mruby
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10190

    A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of acce... Read more

    Affected Products : private_internet_access
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10189

    An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to sys... Read more

    Affected Products : mautic mautic
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10188

    phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.... Read more

    Affected Products : phpmyadmin
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10187

    In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from ... Read more

    Affected Products : radare2
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10186

    In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.... Read more

    Affected Products : radare2
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10185

    An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.... Read more

    Affected Products : tuzicms
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10184

    An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a lar... Read more

    Affected Products : enterprise_linux haproxy
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293636 Results