Launchpad.net

Launchpad CVE tracker

Find CVEs by number or keywords:
Show all registered CVEs

Recently updated CVEs

CVE-2018-8779 (Candidate)
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
Created on 2018-03-20 and modified 12 hours ago.

CVE-2018-8831 (Candidate)
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
Created on 2018-03-21 and modified 12 hours ago.

CVE-2018-8840 (Candidate)
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
Created on 2018-03-21 and modified 12 hours ago.

CVE-2018-9137 (Candidate)
Open-AudIT before 2.2 has CSV Injection.
Created on 2018-03-30 and modified 12 hours ago.

CVE-2018-9163 (Candidate)
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus 5.3 (Build 5330) and earlier allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
Created on 2018-04-01 and modified 12 hours ago.

Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.