Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2018-0116

    A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnera... Read more

    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-0115

    A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is du... Read more

    Affected Products : staros asr_5000 asr_5500 asr_5700
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0114

    A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signatur... Read more

    Affected Products : node-jose
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0113

    A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker c... Read more

    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2018-0112

    A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input valid... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0111

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. T... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-0110

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Se... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-0109

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. T... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0108

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct ad... Read more

    Affected Products : webex_meetings_server
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0107

    A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An a... Read more

    Affected Products : prime_service_catalog
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-0106

    A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An atta... Read more

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0105

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vul... Read more

    Affected Products : unified_communications_manager
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-0104

    A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a... Read more

    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0103

    A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the ... Read more

    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2018-0102

    A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software at... Read more

    Affected Products : nx-os nx-os
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-0101

    A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerabi... Read more

    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2018-0100

    A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling o... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0099

    A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments... Read more

    Affected Products : d9800_firmware d9800
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0098

    A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker... Read more

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0097

    A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in... Read more

    Affected Products : prime_infrastructure
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293499 Results