Max CVSS 7.2 Min CVSS 2.1 Total Count13
IDCVSSSummaryLast (major) updatePublished
CVE-2018-14922 None
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
14-08-2018 - 14:29 14-08-2018 - 14:29
CVE-2018-13417 None
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from th
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-13415 None
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-14869 None
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
07-08-2018 - 21:29 06-08-2018 - 17:29
CVE-2018-14912 None
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
06-08-2018 - 21:29 03-08-2018 - 15:29
CVE-2018-14857 None
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP cod
06-08-2018 - 17:29 06-08-2018 - 17:29
CVE-2018-14541 None
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
05-08-2018 - 21:29 03-08-2018 - 21:29
CVE-2018-14840 None
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
01-08-2018 - 21:29 01-08-2018 - 21:29
CVE-2018-14493 None
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
25-07-2018 - 19:29 25-07-2018 - 19:29
CVE-2018-14082 None
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.
18-07-2018 - 12:29 18-07-2018 - 12:29
CVE-2018-12090 4.3
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
11-06-2018 - 06:29 11-06-2018 - 06:29
CVE-2015-5736 7.2
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
21-12-2016 - 22:00 03-09-2015 - 10:59
CVE-2015-4077 2.1
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
21-12-2016 - 21:59 03-09-2015 - 10:59
Back to Top Mark selected
Back to Top