Max CVSS 10.0 Min CVSS 1.9 Total Count 672
ID CVSS Summary Last (major) update Published
CVE-2019-6441 10.0
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and d
21-03-2019 - 13:29 21-03-2019 - 12:01
CVE-2019-6282 6.8
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.
21-03-2019 - 12:29 21-03-2019 - 12:01
CVE-2019-6279 6.8
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Securit
21-03-2019 - 12:29 21-03-2019 - 12:01
CVE-2019-7391 6.8
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6967 6.8
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6275 6.5
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6274 6.5
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6273 4.0
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6272 6.5
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2018-20556 6.5
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-20526 7.5
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-20525 5.0
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-18798 7.5
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-18762 4.3
SaltOS 3.1 r8126 contains a database download vulnerability.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-17997 4.3
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-17996 5.8
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2019-9692 4.0
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
11-03-2019 - 14:29 11-03-2019 - 14:29
CVE-2019-9650 4.3
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.
10-03-2019 - 21:29 10-03-2019 - 21:29
CVE-2019-6710 6.8
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
07-03-2019 - 18:29 07-03-2019 - 18:29
CVE-2019-9194 7.5
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
26-02-2019 - 14:29 26-02-2019 - 14:29
CVE-2019-9082 10.0
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
24-02-2019 - 13:29 24-02-2019 - 13:29
CVE-2014-10079 5.0
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
23-02-2019 - 09:29 23-02-2019 - 09:29
CVE-2014-10078 4.3
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
23-02-2019 - 09:29 23-02-2019 - 09:29
CVE-2019-6340 6.8
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following co
21-02-2019 - 16:29 21-02-2019 - 16:29
CVE-2018-20782 5.0
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
17-02-2019 - 13:29 17-02-2019 - 13:29
CVE-2019-7400 4.3
Rukovoditel before 2.4.1 allows XSS.
05-02-2019 - 01:29 05-02-2019 - 01:29
CVE-2018-15657 1.9
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
04-02-2019 - 22:29 04-02-2019 - 22:29
CVE-2018-19043 5.0
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19042 5.0
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19041 4.3
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19040 5.0
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19782 4.3
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
30-01-2019 - 10:29 30-01-2019 - 10:29
CVE-2019-6979 4.3
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.
28-01-2019 - 03:29 28-01-2019 - 03:29
CVE-2019-6804 4.3
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
25-01-2019 - 00:29 25-01-2019 - 00:29
CVE-2019-6780 5.8
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
24-01-2019 - 15:29 24-01-2019 - 15:29
CVE-2019-6263 3.5
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
16-01-2019 - 03:29 16-01-2019 - 03:29
CVE-2019-5893 7.5
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
10-01-2019 - 12:29 10-01-2019 - 12:29
CVE-2018-19862 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-19861 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-20326 4.3
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-13045 7.5
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2019-3501 3.5
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.
02-01-2019 - 08:29 02-01-2019 - 08:29
CVE-2018-19799 4.3
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-19616 6.8
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-20448 3.5
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
25-12-2018 - 11:29 25-12-2018 - 11:29
CVE-2018-20418 3.5
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
23-12-2018 - 23:29 23-12-2018 - 23:29
CVE-2018-1000811 6.5
bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appears to be exploitable via malicious user have to upload a craf
20-12-2018 - 10:29 20-12-2018 - 10:29
CVE-2018-19829 5.8
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
18-12-2018 - 17:29 18-12-2018 - 17:29
CVE-2018-19933 4.3
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
17-12-2018 - 14:29 17-12-2018 - 14:29
CVE-2018-19828 4.3
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
17-12-2018 - 14:29 17-12-2018 - 14:29
CVE-2018-18923 7.5
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id a
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-20011 3.5
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20010 3.5
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-19915 3.5
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
06-12-2018 - 14:29 06-12-2018 - 14:29
CVE-2018-19914 3.5
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
06-12-2018 - 14:29 06-12-2018 - 14:29
CVE-2018-19913 3.5
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
06-12-2018 - 14:29 06-12-2018 - 14:29
CVE-2018-19908 9.0
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute ar
06-12-2018 - 11:29 06-12-2018 - 11:29
CVE-2018-19877 4.3
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
05-12-2018 - 16:29 05-12-2018 - 16:29
CVE-2018-1002009 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002008 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variabl
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002007 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST reque
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002006 3.5
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002005 3.5
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002004 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002003 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002002 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002001 3.5
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-1002000 6.5
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST req
03-12-2018 - 11:29 03-12-2018 - 11:29
CVE-2018-19752 3.5
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-19751 3.5
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-19750 3.5
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-19749 3.5
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-18619 7.5
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute th
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-18982 6.5
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
27-11-2018 - 15:29 27-11-2018 - 15:29
CVE-2018-19458 5.0
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
22-11-2018 - 15:29 22-11-2018 - 15:29
CVE-2018-18805 7.5
PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18804 7.5
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18803 7.5
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18801 7.5
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18799 6.8
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18797 6.8
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18795 7.5
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18794 6.8
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18793 7.5
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18763 7.5
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18761 7.5
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18760 4.3
RhinOS 3.0 build 1190 allows CSRF.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-18755 7.5
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
16-11-2018 - 13:29 16-11-2018 - 13:29
CVE-2018-19287 4.3
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
15-11-2018 - 01:29 15-11-2018 - 01:29
CVE-2018-19246 5.0
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the
13-11-2018 - 04:29 13-11-2018 - 04:29
CVE-2018-19135 6.8
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatic
10-11-2018 - 23:29 10-11-2018 - 23:29
CVE-2018-19136 4.3
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
09-11-2018 - 14:29 09-11-2018 - 14:29
CVE-2018-19126 7.5
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
09-11-2018 - 06:29 09-11-2018 - 06:29
CVE-2018-19125 6.4
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.
09-11-2018 - 06:29 09-11-2018 - 06:29
CVE-2018-18777 4.0
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slas
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18776 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18775 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18419 3.5
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-18417 3.5
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-18308 4.3
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
16-10-2018 - 18:29 16-10-2018 - 18:29
CVE-2018-9206 7.5
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
11-10-2018 - 11:29 11-10-2018 - 11:29
CVE-2018-17784 4.3
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
10-10-2018 - 17:29 10-10-2018 - 17:29
CVE-2018-17593 4.3
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
02-10-2018 - 14:29 02-10-2018 - 14:29
CVE-2018-17591 4.3
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
02-10-2018 - 14:29 02-10-2018 - 14:29
CVE-2018-17590 4.3
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
02-10-2018 - 14:29 02-10-2018 - 14:29
CVE-2018-17588 4.3
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
02-10-2018 - 14:29 02-10-2018 - 14:29
CVE-2018-17587 4.3