Total: 295100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14521 | 1 Aubio | 1 Aubio | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc. | |||||
CVE-2018-14520 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. | |||||
CVE-2018-14519 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | |||||
CVE-2018-14517 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. | |||||
CVE-2018-14515 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | |||||
CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | |||||
CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | |||||
CVE-2018-14505 | 1 Mitmproxy | 1 Mitmproxy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. | |||||
CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | |||||
CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | |||||
CVE-2018-14501 | 1 Joyplus Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | |||||
CVE-2018-14500 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. | |||||
CVE-2018-14499 | 1 Hyphp | 1 Hybbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html. | |||||
CVE-2018-14498 | 5 Debian, Fedoraproject, Libjpeg-turbo and 2 more | 5 Debian Linux, Fedora, Libjpeg-turbo and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. | |||||
CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Tenda D152 ADSL routers allow XSS via a crafted SSID. | |||||
CVE-2018-14496 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance. | |||||
CVE-2018-14495 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance. | |||||
CVE-2018-14494 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware. | |||||
CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. |