Launchpad CVE tracker

Find CVEs by number or keywords:
Show all registered CVEs

Recently updated CVEs

CVE-2018-9206 (Candidate)
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Created on 2018-04-03 and modified 17 hours ago.

CVE-2018-8014 (Candidate)
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
Created on 2018-03-10 and modified 17 hours ago.

CVE-2018-8453 (Candidate)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Created on 2018-03-15 and modified 17 hours ago.

CVE-2018-8495 (Candidate)
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Created on 2018-03-15 and modified 17 hours ago.

CVE-2018-5156 (Candidate)
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Created on 2018-01-04 and modified 17 hours ago.

Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.