Max CVSS 10.0, Min CVSS 1.9, Total Count 310
ID, CVSS, Summary, Last (major) update, Published
CVE-2018-6084 7.2
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6065 6.8
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6064 6.8
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-7602 7.5
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability
19-07-2018 - 13:29 19-07-2018 - 13:29
CVE-2018-6563 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change
20-06-2018 - 10:29 20-06-2018 - 10:29
CVE-2018-1132 7.5
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used
20-06-2018 - 09:29 20-06-2018 - 09:29
CVE-2017-5415 5.0
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5375 7.5
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-4206 6.8
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" compo
08-06-2018 - 14:29 08-06-2018 - 14:29
CVE-2018-4200 6.8
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves
08-06-2018 - 14:29 08-06-2018 - 14:29
CVE-2018-10751 5.4
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is S
29-05-2018 - 16:29 29-05-2018 - 16:29
CVE-2018-8898 7.5
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, w
23-05-2018 - 12:29 23-05-2018 - 12:29
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-11339 4.3
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
21-05-2018 - 21:29 21-05-2018 - 21:29
CVE-2018-11096 4.3
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
21-05-2018 - 10:29 21-05-2018 - 10:29
CVE-2018-11092 5.8
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
21-05-2018 - 10:29 21-05-2018 - 10:29
CVE-2018-11311 6.4
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
20-05-2018 - 18:29 20-05-2018 - 18:29
CVE-2018-11242 4.0
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and dat
20-05-2018 - 10:29 20-05-2018 - 10:29
CVE-2018-4937 10.0
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
19-05-2018 - 13:29 19-05-2018 - 13:29
CVE-2018-4936 5.0
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
19-05-2018 - 13:29 19-05-2018 - 13:29
CVE-2018-4935 10.0
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
19-05-2018 - 13:29 19-05-2018 - 13:29
CVE-2018-4934 5.0
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
19-05-2018 - 13:29 19-05-2018 - 13:29
CVE-2018-11237 4.6
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
18-05-2018 - 12:29 18-05-2018 - 12:29
CVE-2018-1111 7.9
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network ab
17-05-2018 - 12:29 17-05-2018 - 12:29
CVE-2018-10123 9.0
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
16-05-2018 - 09:29 16-05-2018 - 09:29
CVE-2018-11094 10.0
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/E
15-05-2018 - 15:29 15-05-2018 - 15:29
CVE-2018-11034 6.1
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.
13-05-2018 - 21:29 13-05-2018 - 21:29
CVE-2018-6023 6.8
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-10832 4.3
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a u
11-05-2018 - 17:29 11-05-2018 - 17:29
CVE-2018-10580 3.5
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.
11-05-2018 - 10:29 11-05-2018 - 10:29
CVE-2018-10655 6.8
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
10-05-2018 - 10:29 10-05-2018 - 10:29
CVE-2018-10314 3.5
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List
09-05-2018 - 23:29 09-05-2018 - 23:29
CVE-2018-8174 7.6
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Ser
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8134 6.9
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Win
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-0953 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-10828 2.1
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. Th
09-05-2018 - 14:29 09-05-2018 - 14:29
CVE-2018-10830 6.1
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
09-05-2018 - 03:29 09-05-2018 - 03:29
CVE-2015-1503 7.8
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash
08-05-2018 - 16:29 08-05-2018 - 16:29
CVE-2018-8897 7.2
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that
08-05-2018 - 14:29 08-05-2018 - 14:29
CVE-2018-1247 5.8
RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted
08-05-2018 - 09:29 08-05-2018 - 09:29
CVE-2018-10809 6.1
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability
08-05-2018 - 03:29 08-05-2018 - 03:29
CVE-2018-0494 4.3
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
06-05-2018 - 18:29 06-05-2018 - 18:29
CVE-2018-10757 7.5
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
05-05-2018 - 15:29 05-05-2018 - 15:29
CVE-2018-10562 7.5
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when t
03-05-2018 - 23:29 03-05-2018 - 23:29
CVE-2018-10561 7.5
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/
03-05-2018 - 23:29 03-05-2018 - 23:29
CVE-2018-9302 6.4
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an inc
02-05-2018 - 11:29 02-05-2018 - 11:29
CVE-2018-10260 6.5
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2018-10259 3.5
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2018-10258 6.5
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2018-10257 6.5
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2018-10256 6.5
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2018-10255 6.5
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2016-10036 7.5
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary
01-05-2018 - 15:29 01-05-2018 - 15:29
CVE-2018-10583 5.0
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg with
01-05-2018 - 12:29 01-05-2018 - 12:29
CVE-2018-10365 3.5
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.
01-05-2018 - 12:29 01-05-2018 - 12:29
CVE-2017-17020 6.5
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server
01-05-2018 - 12:29 01-05-2018 - 12:29
CVE-2018-10371 4.3
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to
01-05-2018 - 09:29 01-05-2018 - 09:29
CVE-2018-5234 8.3
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.
30-04-2018 - 14:29 30-04-2018 - 14:29
CVE-2018-10504 6.8
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
27-04-2018 - 12:29 27-04-2018 - 12:29
CVE-2018-7465 3.5
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser wi
26-04-2018 - 15:29 26-04-2018 - 15:29
CVE-2018-8716 3.5
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
25-04-2018 - 16:29 25-04-2018 - 16:29
CVE-2018-10366 4.3
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
25-04-2018 - 05:29 25-04-2018 - 05:29
CVE-2018-10310 3.5
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser
25-04-2018 - 05:29 25-04-2018 - 05:29
CVE-2018-9131 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
24-04-2018 - 12:29 24-04-2018 - 12:29
CVE-2018-9060 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
24-04-2018 - 12:29 24-04-2018 - 12:29
CVE-2018-10321 3.5
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
24-04-2018 - 02:29 24-04-2018 - 02:29
CVE-2018-10313 3.5
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
23-04-2018 - 22:29 23-04-2018 - 22:29
CVE-2018-10312 6.8
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
23-04-2018 - 22:29 23-04-2018 - 22:29
CVE-2018-10311 4.3
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
23-04-2018 - 22:29 23-04-2018 - 22:29
CVE-2018-10309 3.5
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
23-04-2018 - 22:29 23-04-2018 - 22:29
CVE-2018-8880 5.0
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
23-04-2018 - 14:29 23-04-2018 - 14:29
CVE-2018-9245 10.0
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
22-04-2018 - 09:29 22-04-2018 - 09:29
CVE-2018-10286 4.0
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see t
22-04-2018 - 09:29 22-04-2018 - 09:29
CVE-2018-10285 7.5
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
22-04-2018 - 09:29 22-04-2018 - 09:29
CVE-2018-10253 5.0
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.
20-04-2018 - 22:29 20-04-2018 - 22:29
CVE-2018-9059 7.5
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-7747 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log,
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10079 2.1
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10078 3.5
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10077 4.0
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10201 5.0
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted U
20-04-2018 - 04:29 20-04-2018 - 04:29
CVE-2018-10188 6.8
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
19-04-2018 - 10:29 19-04-2018 - 10:29
CVE-2018-9137 3.5
Open-AudIT before 2.2 has CSV Injection.
19-04-2018 - 04:29 19-04-2018 - 04:29
CVE-2018-2628 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthe
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-6546 10.0
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in a
18-04-2018 - 21:29 13-04-2018 - 12:29
CVE-2018-10110 3.5
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
18-04-2018 - 17:29 18-04-2018 - 17:29
CVE-2018-8831 4.3
A Persistent XSS vulnera