Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-1000010

    Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or de... Read more

    Affected Products : dry
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-1000009

    Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery... Read more

    Affected Products : checkstyle
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-1000008

    Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or de... Read more

    Affected Products : pmd
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000007

    libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redire... Read more

    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-1000006

    GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arb... Read more

    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-1000005

    libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte l... Read more

    Affected Products : ubuntu_linux debian_linux curl libcurl
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-1000004

    In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-1000003

    Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.... Read more

    Affected Products : recursor
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-1000002

    Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.... Read more

    Affected Products : knot_resolver
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-1000001

    In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.... Read more

    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0998

    An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0997

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991,... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0996

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Expl... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0995

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0994

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0993

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0991

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-201... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0990

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0989

    An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Intern... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2018-0988

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Expl... Read more

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results