Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-0718

    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.... Read more

    Affected Products : qts music_station
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0716

    Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised a... Read more

    Affected Products : qts
    • Published: Nov. 30, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0715

    Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.... Read more

    Affected Products : photo_station
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0714

    Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromis... Read more

    Affected Products : qts helpdesk qts_helpdesk
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0712

    Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.... Read more

    Affected Products : qts
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0711

    Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : qts
    • Published: Apr. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0710

    Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.... Read more

    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0709

    Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.... Read more

    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0708

    Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.... Read more

    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0707

    Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.... Read more

    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0706

    Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.... Read more

    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-0705

    Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.... Read more

    Affected Products : dezie
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0704

    Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.... Read more

    Affected Products : office
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0703

    Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.... Read more

    Affected Products : office
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0702

    Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.... Read more

    Affected Products : mailwise
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0701

    BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access.... Read more

    Affected Products : macos windows bluestacks
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-0700

    YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.... Read more

    Affected Products : yukiwiki
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0699

    Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : yukiwiki
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-0698

    Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : growi
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0697

    Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : metabase
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293588 Results