Total: 323564 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 9.8 Critical |
| controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | ||||
| CVE-2018-14501 | 1 Joyplus Project | 1 Joyplus-cms | 2024-11-21 | N/A |
| manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | ||||
| CVE-2018-14500 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 6.1 Medium |
| joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. | ||||
| CVE-2018-14499 | 1 Hyphp | 1 Hybbs | 2024-11-21 | N/A |
| An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html. | ||||
| CVE-2018-14498 | 6 Debian, Fedoraproject, Libjpeg-turbo and 3 more | 6 Debian Linux, Fedora, Libjpeg-turbo and 3 more | 2024-11-21 | N/A |
| get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. | ||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | N/A |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | ||||
| CVE-2018-14496 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | N/A |
| Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance | ||||
| CVE-2018-14495 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | N/A |
| Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance | ||||
| CVE-2018-14494 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | N/A |
| Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware | ||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | ||||
| CVE-2018-14492 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | N/A |
| Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. | ||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | ||||
| CVE-2018-14485 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A |
| BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | ||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2024-11-21 | N/A |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | ||||
| CVE-2018-14478 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | N/A |
| ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | ||||
| CVE-2018-14476 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 6.1 Medium |
| GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | ||||
| CVE-2018-14474 | 1 Goodoldweb | 1 Orange Forum | 2024-11-21 | N/A |
| views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. | ||||
| CVE-2018-14473 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. | ||||
| CVE-2018-14472 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | ||||
| CVE-2018-14471 | 1 Gnu | 1 Libredwg | 2024-11-21 | N/A |
| dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. | ||||