Latest CVE Feed
-
8.1
HIGH CVE-2018-1000807
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution. This atta...
- Published: Oct. 08, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity....
- Published: Oct. 08, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-1000804
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appears to be exploitable ...
Affected Products: contiki-ng
- Published: Oct. 08, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2018-1000803
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appears to be exploitable via Watch a repository to receive email notifications. Emails received contain the oth...
Affected Products: gitea
- Published: Oct. 08, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-1000802
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Inf...
- Published: Sep. 18, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-1000801
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appears to be exploitable via he v...
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-1000800
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application call the ...
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-1000773
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload...
Affected Products: wordpress
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2018-1000671
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in Open redirection and reflected XSS via data URIs. This att...
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2018-1000670
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circul...
Affected Products: koha
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-1000669
KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid ...
Affected Products: koha
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2018-1000668
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appears to be exploitable via The victim must execute crafted java...
Affected Products: jsish
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-1000667
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, ...
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-1000666
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModificat...
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2018-1000665
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result ...
Affected Products: dojo
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2018-1000664
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the ...
Affected Products: dsub_for_subsonic
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2018-1000663
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appears to be exploitable via The victim must execute crafted javascript code....
Affected Products: jsish
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2018-1000661
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appears to be exploitable via the victim executing specially crafted javascript c...
Affected Products: jsish
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-1000660
TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains an Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub packa...
Affected Products: tock
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2018-1000659
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appears to be exploita...
Affected Products: limesurvey
- Published: Sep. 06, 2018
- Modified: Nov. 21, 2024