Latest CVE Feed
- 8.8 HIGH: CVE-2018-1000619
  Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appears to be exploitable via The attacker must have permissio...
  Affected Products: ovidentia
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2018-1000618
  EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appears to be exploitable via network request. This vulnerability ...
  Affected Products: eos
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2018-1000617
  Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS (thread ...
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2018-1000616
  ONOS ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch...
  Affected Products: onos
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2018-1000615
  ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch. This attack appear...
  Affected Products: onos
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2018-1000614
  ONOS ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely lau...
  Affected Products: onos
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM: CVE-2018-1000611
  SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appears to be exploitable via the...
  Affected Products: openconext_engineblock
  - Published: Jul. 09, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2018-1000610
  An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Je...
  Affected Products: configuration_as_code
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2018-1000609
  An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.
  Affected Products: configuration_as_code
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 7.2 HIGH: CVE-2018-1000608
  An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extensi...
  Affected Products: z/os_connector
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2018-1000607
  An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by...
  Affected Products: fortify_cloudscan
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2018-1000606
  A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
  Affected Products: urltrigger
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 7.4 HIGH: CVE-2018-1000605
  A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.
  Affected Products: collabnet
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM: CVE-2018-1000604
  A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another...
  Affected Products: badge
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2018-1000603
  An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JClouds...
  Affected Products: openstack_cloud
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM: CVE-2018-1000602
  A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
  Affected Products: saml
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2018-1000601
  An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the ...
  Affected Products: ssh_credentials
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2018-1000600
  An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
  Affected Products: github
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM: CVE-2018-1000559
  qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user'...
  Affected Products: qutebrowser
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2018-1000558
  OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appears to ...
  Affected Products: ocsinventory_ng
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024