Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-10058

    The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.... Read more

    Affected Products : bfgminer cgminer
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10057

    The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).... Read more

    Affected Products : bfgminer cgminer
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-10055

    Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.... Read more

    Affected Products : tensorflow
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10054

    H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."... Read more

    Affected Products : h2 datomic
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10052

    iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.... Read more

    Affected Products : supportdesk
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10051

    iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.... Read more

    Affected Products : supportdesk
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-10050

    iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.... Read more

    Affected Products : eswap
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10049

    iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.... Read more

    Affected Products : eswap
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10048

    iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.... Read more

    Affected Products : eswap
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10033

    CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10032

    CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10031

    CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10030

    CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10029

    CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-10028

    joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI.... Read more

    Affected Products : joyplus-cms
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10027

    ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\AL... Read more

    Affected Products : alzip
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-10026

    The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.... Read more

    Affected Products : yzmcms
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10024

    ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if... Read more

    Affected Products : vp5208a_firmware vp5208a
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10023

    Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment).... Read more

    Affected Products : catfish_cms catfish-cms
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10021

    drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can o... Read more

    Affected Products : linux_kernel
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293628 Results