Latest CVE Feed
-
6.1 MEDIUM
CVE-2018-11487
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
- Affected Products: phpmywind
- Published: May. 26, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-11486
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and injec...
- Affected Products: advance_search_for_woocommerce
- Published: Jun. 01, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-11485
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referra...
- Affected Products: woocommerce_quick_reports
- Published: Jun. 01, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
- Published: May. 30, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
- Published: May. 30, 2018
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and e...
- Affected Products: windscribe
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-11478
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every ven...
- Published: May. 30, 2018
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2018-11477
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protecti...
- Published: May. 30, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-11476
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without aut...
- Published: May. 30, 2018
- Modified: Nov. 21, 2024
-
8.0 HIGH
CVE-2018-11475
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.
- Affected Products: monstra
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
8.0 HIGH
CVE-2018-11474
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
- Affected Products: monstra
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-11473
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
- Affected Products: monstra
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-11472
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
- Affected Products: monstra
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2018-11471
Cockpit 0.5.5 has XSS via a collection, form, or region.
- Affected Products: cockpit
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-11470
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
- Affected Products: eswap
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
5.9 MEDIUM
CVE-2018-11469
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_requ...
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2018-11468
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-11466
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < ...
- Published: Dec. 12, 2018
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2018-11465
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < ...
- Published: Dec. 12, 2018
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2018-11464
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected pr...
- Published: Dec. 12, 2018
- Modified: Nov. 21, 2024