IDCVSSSummaryLast (major) updatePublished
CVE-2018-4847 None
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physic
23-04-2018 - 12:29 23-04-2018 - 12:29
CVE-2018-3850 None
An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
23-04-2018 - 11:29 23-04-2018 - 11:29
CVE-2017-14458 None
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrar
23-04-2018 - 11:29 23-04-2018 - 11:29
CVE-2018-10234 None
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
23-04-2018 - 10:29 23-04-2018 - 10:29
CVE-2018-10233 None
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
23-04-2018 - 10:29 23-04-2018 - 10:29
CVE-2017-13073 None
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
23-04-2018 - 10:29 23-04-2018 - 10:29
CVE-2017-1786 None
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
23-04-2018 - 09:29 23-04-2018 - 09:29
CVE-2017-1764 None
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
23-04-2018 - 09:29 23-04-2018 - 09:29
CVE-2017-1701 None
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 13439
23-04-2018 - 09:29 23-04-2018 - 09:29
CVE-2017-1486 None
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t
23-04-2018 - 09:29 23-04-2018 - 09:29
CVE-2017-1473 None
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
23-04-2018 - 09:29 23-04-2018 - 09:29
CVE-2018-10299 None
An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digita
23-04-2018 - 00:29 23-04-2018 - 00:29
CVE-2018-10298 None
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
22-04-2018 - 11:29 22-04-2018 - 11:29
CVE-2018-10297 None
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
22-04-2018 - 11:29 22-04-2018 - 11:29
CVE-2017-17902 None
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.
22-04-2018 - 11:29 22-04-2018 - 11:29
CVE-2017-17889 None
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.
22-04-2018 - 11:29 22-04-2018 - 11:29
CVE-2018-10296 None
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.
22-04-2018 - 10:29 22-04-2018 - 10:29
CVE-2018-10295 None
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.
22-04-2018 - 10:29 22-04-2018 - 10:29
CVE-2018-9245 None
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
22-04-2018 - 09:29 22-04-2018 - 09:29
CVE-2018-10286 None
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see t
22-04-2018 - 09:29 22-04-2018 - 09:29
CVE-2018-10285 None
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
22-04-2018 - 09:29 22-04-2018 - 09:29
CVE-2018-10289 None
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
22-04-2018 - 01:29 22-04-2018 - 01:29
CVE-2018-10268 None
An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
21-04-2018 - 21:29 21-04-2018 - 21:29
CVE-2018-10267 None
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
21-04-2018 - 21:29 21-04-2018 - 21:29
CVE-2018-10266 None
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
21-04-2018 - 21:29 21-04-2018 - 21:29
CVE-2018-10265 None
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
21-04-2018 - 21:29 21-04-2018 - 21:29
CVE-2018-10126 None
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.
21-04-2018 - 17:29 21-04-2018 - 17:29
CVE-2017-15640 None
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.
21-04-2018 - 17:29 21-04-2018 - 17:29
CVE-2018-10284 None
Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.
21-04-2018 - 15:29 21-04-2018 - 15:29
CVE-2018-10283 None
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action.
21-04-2018 - 15:29 21-04-2018 - 15:29
CVE-2018-10254 None
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a craft
21-04-2018 - 12:29 21-04-2018 - 12:29
CVE-2018-10253 None
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.
20-04-2018 - 22:29 20-04-2018 - 22:29
CVE-2018-9059 None
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-7747 None
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log,
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10176 None
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10175 None
Digital Guardian Management Console 7.1.2.0015 has an XXE issue.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10174 None
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-o
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10173 None
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10079 None
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10078 None
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10077 None
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2017-2825 None
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-0950 None
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-0931 None
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations component
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-0927 None
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-0912 None
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-0900 None
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2014-0883 None
Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-8826 None
ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware bef
20-04-2018 - 16:29 20-04-2018 - 16:29
CVE-2014-6112 None
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveragi
20-04-2018 - 16:29 20-04-2018 - 16:29
Back to Top Mark selected
Back to Top