Latest CVE Feed
-
9.8
CRITICALCVE-2018-18795
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.... Read more
Affected Products : school_event_management_system- EPSS Score: %3.03
- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18754
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.... Read more
- EPSS Score: %0.30
- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18752
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.... Read more
Affected Products : webiness_inventory- EPSS Score: %0.41
- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18766
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.... Read more
Affected Products : sitekiosk- EPSS Score: %0.50
- Published: Mar. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18757
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.... Read more
Affected Products : open_faculty_evaluation_system- EPSS Score: %0.31
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18792
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.... Read more
Affected Products : zzcms- EPSS Score: %0.26
- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18698
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.... Read more
- EPSS Score: %0.30
- Published: Dec. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18602
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.... Read more
Affected Products : 180_outdoor_firmware 180_indoor_firmware 360_outdoor_firmware 360_indoor_firmware outdoor_hd_camera_firmware indoor_hd_camera_firmware 180_outdoor 180_indoor 360_outdoor 360_indoor +2 more products- EPSS Score: %0.34
- Published: Dec. 31, 2018
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2018-18763
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.... Read more
Affected Products : saltos- EPSS Score: %3.03
- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-9856
An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext p... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- EPSS Score: %0.18
- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-3539
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.... Read more
- EPSS Score: %2.09
- Published: Apr. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-3484
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) caus... Read more
Affected Products : musl- EPSS Score: %1.79
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18619
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sql... Read more
- EPSS Score: %3.49
- Published: Nov. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18512
A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This v... Read more
Affected Products : thunderbird- EPSS Score: %0.44
- Published: Apr. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18500
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Th... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products- EPSS Score: %28.80
- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18498
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products- EPSS Score: %2.06
- Published: Feb. 28, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-38612
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unr... Read more
Affected Products : linux_kernel- Published: Jun. 19, 2024
- Modified: Apr. 01, 2025
-
9.8
CRITICALCVE-2018-18529
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.... Read more
Affected Products : thinkphp- EPSS Score: %0.26
- Published: Oct. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18501
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run ar... Read more
- EPSS Score: %2.59
- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18450
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.... Read more
Affected Products : pbootcms- EPSS Score: %0.37
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024