Max CVSS 7.5 Min CVSS 2.1 Total Count13
IDCVSSSummaryLast (major) updatePublished
CVE-2018-14922 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
14-08-2018 - 14:29 14-08-2018 - 14:29
CVE-2018-13417 7.5
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from th
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-13415 7.5
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-14869 3.5
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
07-08-2018 - 21:29 06-08-2018 - 17:29
CVE-2018-14912 5.0
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
06-08-2018 - 21:29 03-08-2018 - 15:29
CVE-2018-14857 6.5
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP cod
06-08-2018 - 17:29 06-08-2018 - 17:29
CVE-2018-14541 3.5
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
05-08-2018 - 21:29 03-08-2018 - 21:29
CVE-2018-14840 4.3
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
01-08-2018 - 21:29 01-08-2018 - 21:29
CVE-2018-14493 4.3
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
25-07-2018 - 19:29 25-07-2018 - 19:29
CVE-2018-14082 3.5
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.
18-07-2018 - 12:29 18-07-2018 - 12:29
CVE-2018-12090 4.3
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
11-06-2018 - 06:29 11-06-2018 - 06:29
CVE-2015-5736 7.2
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
21-12-2016 - 22:00 03-09-2015 - 10:59
CVE-2015-4077 2.1
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
21-12-2016 - 21:59 03-09-2015 - 10:59
Back to Top Mark selected
Back to Top