Latest CVE Feed
-
9.8
CRITICAL CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
Affected Products: centreon
- Published: Nov. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-7359
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-18796
Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
Affected Products: library_management_system
- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-18805
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
Affected Products: pointofsales
- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-9209
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2...
Affected Products: php-traditional-server
- Published: Nov. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-16223
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
Affected Products: qbeecam
- Published: Nov. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-19410
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directi...
Affected Products: prtg_network_monitor
- Actively Exploited
- Published: Nov. 21, 2018
- Modified: Mar. 14, 2025
-
9.8
CRITICAL CVE-2018-17934
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or ...
Affected Products: nuuo_cms
- Published: Nov. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-19290
In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact,...
Affected Products: budabot
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.
- Published: Dec. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-33025
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.
Affected Products: wcd9380_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware ar8035_firmware qca8081_firmware qca8337_firmware qcm4490_firmware +38 more products
- Published: Jan. 02, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-20056
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange curr...
- Published: Dec. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-1818
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 15...
Affected Products: security_guardium
- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-20027
The yaml_parse.load method in Pylearn2 allows code injection.
Affected Products: pylearn2
- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-1784
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
Affected Products: api_connect
- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.
- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-18871
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the ori...
- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
Affected Products: manageengine_opmanager
- Published: Dec. 21, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-18008
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
Affected Products: dwr-116_firmware dir-140l_firmware dir-640l_firmware dwr-512_firmware dwr-921_firmware dsl-2770l_firmware dwr-555_firmware dwr-921 dwr-116 dir-140l +4 more products
- Published: Dec. 21, 2018
- Modified: Nov. 21, 2024