Latest CVE Feed
-
9.8
CRITICALCVE-2017-14242
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.... Read more
- Published: Sep. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-18922
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.... Read more
Affected Products : ticketly- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18887
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).... Read more
Affected Products : s-cms- Published: Nov. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18912
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execut... Read more
Affected Products : easy_file_sharing_web_server- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18861
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.... Read more
Affected Products : pcman_ftp_server- Published: Nov. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-10904
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more
Affected Products : qt- Published: Dec. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-18814
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker t... Read more
- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-4657
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.... Read more
Affected Products : ansible- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18888
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.... Read more
Affected Products : laravelcms- Published: Nov. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18834
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.... Read more
Affected Products : libiec61850- Published: Oct. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].... Read more
Affected Products : bsen_ordering_software- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18795
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.... Read more
Affected Products : school_event_management_system- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18754
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.... Read more
- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18752
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.... Read more
Affected Products : webiness_inventory- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18766
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.... Read more
Affected Products : sitekiosk- Published: Mar. 29, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18757
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.... Read more
Affected Products : open_faculty_evaluation_system- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18792
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.... Read more
Affected Products : zzcms- Published: Oct. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18698
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.... Read more
- Published: Dec. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18602
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.... Read more
Affected Products : 180_outdoor_firmware 180_indoor_firmware 360_outdoor_firmware 360_indoor_firmware outdoor_hd_camera_firmware indoor_hd_camera_firmware 180_outdoor 180_indoor 360_outdoor 360_indoor +2 more products- Published: Dec. 31, 2018
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2018-18763
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.... Read more
Affected Products : saltos- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024