Latest CVE Feed
-
9.8
CRITICALCVE-2018-18861
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.... Read more
Affected Products : pcman_ftp_server- Published: Nov. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-10904
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more
Affected Products : qt- Published: Dec. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-18814
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker t... Read more
- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-4657
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.... Read more
Affected Products : ansible- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18888
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.... Read more
Affected Products : laravelcms- Published: Nov. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18834
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.... Read more
Affected Products : libiec61850- Published: Oct. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].... Read more
Affected Products : bsen_ordering_software- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18795
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.... Read more
Affected Products : school_event_management_system- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18754
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.... Read more
- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18752
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.... Read more
Affected Products : webiness_inventory- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18766
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.... Read more
Affected Products : sitekiosk- Published: Mar. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18757
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.... Read more
Affected Products : open_faculty_evaluation_system- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18792
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.... Read more
Affected Products : zzcms- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18698
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.... Read more
- Published: Dec. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18602
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.... Read more
Affected Products : 180_outdoor_firmware 180_indoor_firmware 360_outdoor_firmware 360_indoor_firmware outdoor_hd_camera_firmware indoor_hd_camera_firmware 180_outdoor 180_indoor 360_outdoor 360_indoor +2 more products- Published: Dec. 31, 2018
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2018-18763
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.... Read more
Affected Products : saltos- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-9856
An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext p... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-3539
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.... Read more
- Published: Apr. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-3484
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) caus... Read more
Affected Products : musl- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18619
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sql... Read more
- Published: Nov. 29, 2018
- Modified: Nov. 21, 2024