Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2018-10102

    Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.... Read more

    Affected Products : debian_linux wordpress
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10101

    Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.... Read more

    Affected Products : debian_linux wordpress
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10100

    Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.... Read more

    Affected Products : debian_linux wordpress
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-10099

    Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the... Read more

    Affected Products : monorail
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10098

    In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).... Read more

    Affected Products : escan_internet_security_suite
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10097

    XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter.... Read more

    Affected Products : domain_trader
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10096

    joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request.... Read more

    Affected Products : joyplus-cms
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10095

    Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10094

    SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10093

    AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.... Read more

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2018-10092

    The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10091

    AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.... Read more

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10088

    Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.... Read more

    Affected Products : uc-httpd
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10087

    The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-10086

    CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction"... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10085

    CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or d... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10084

    CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can b... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10083

    CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-10082

    CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10081

    CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293645 Results