Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2018-1002007

    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request va... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1002006

    These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1002005

    These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1002004

    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1002003

    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1002002

    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1002001

    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-1002000

    There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.... Read more

    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-1000998

    FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim mu... Read more

    Affected Products : cvsweb
    • Published: Feb. 04, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-1000997

    A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jel... Read more

    Affected Products : jenkins
    • Published: Jan. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-1000893

    Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions.... Read more

    Affected Products : bitcoin_sv
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-1000892

    Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages.... Read more

    Affected Products : bitcoin_sv
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-1000891

    Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums.... Read more

    Affected Products : bitcoin_sv
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-1000890

    FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.... Read more

    Affected Products : frontaccounting
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-1000889

    Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending ... Read more

    Affected Products : logisim-evolution
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-1000888

    PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called ... Read more

    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2018-1000887

    Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user ... Read more

    Affected Products : peel_shopping
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-1000886

    nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input f... Read more

    Affected Products : netwide_assembler
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000885

    PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to man... Read more

    Affected Products : phkp
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000884

    Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can r... Read more

    Affected Products : vesta_control_panel
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293625 Results