Latest CVE Feed
- CVE-2018-14041 (6.1 MEDIUM)
  In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14040 (6.1 MEDIUM)
  In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14037 (6.1 MEDIUM)
  Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If t...
  - Affected Products: kendo_ui
  - Published: Sep. 28, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14036 (6.5 MEDIUM)
  Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14035 (8.8 HIGH)
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.
  - Affected Products: hdf5
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14034 (8.8 HIGH)
  An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.
  - Affected Products: hdf5
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14033 (8.8 HIGH)
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
  - Affected Products: hdf5
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14031 (8.8 HIGH)
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
  - Affected Products: hdf5
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14029 (8.8 HIGH)
  CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
  - Affected Products: witycms
  - Published: Jul. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14028 (7.2 HIGH)
  In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads l...
  - Affected Products: wordpress
  - Published: Aug. 10, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14027 (6.1 MEDIUM)
  Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page.
  - Published: Jul. 05, 2019
  - Modified: Nov. 21, 2024
- CVE-2018-14023 (4.0 MEDIUM)
  Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
  - Published: Aug. 20, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14020 (5.3 MEDIUM)
  An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacke...
  - Affected Products: paymorrow
  - Published: Aug. 20, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14017 (5.5 MEDIUM)
  The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_ja...
  - Affected Products: radare2
  - Published: Jul. 12, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14016 (5.5 MEDIUM)
  The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.
  - Affected Products: radare2
  - Published: Jul. 12, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14014 (8.8 HIGH)
  In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
  - Affected Products: super_cms
  - Published: Jul. 12, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14013 (6.1 MEDIUM)
  Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
  - Affected Products: zimbra_collaboration_suite
  - Published: May. 29, 2019
  - Modified: Nov. 21, 2024
- CVE-2018-14012 (9.8 CRITICAL)
  WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
  - Affected Products: wolfsight_cms
  - Published: Jul. 12, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14010 (10.0 HIGH)
  OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
  - Affected Products: xiaomi_r3p_firmware xiaomi_r3c_firmware xiaomi_r3d_firmware xiaomi_r3 xiaomi_r3p xiaomi_r3c xiaomi_r3d xiaomi_r3
  - Published: Jul. 15, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-14009 (10.0 HIGH)
  Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
  - Affected Products: codiad
  - Published: Jul. 12, 2018
  - Modified: Nov. 21, 2024