ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-18004 | Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware be... | E | |
CVE-2018-18005 | Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06... | E | |
CVE-2018-18006 | Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android giv... | E | |
CVE-2018-18007 | atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin cred... | | |
CVE-2018-18008 | spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to dis... | | |
CVE-2018-18009 | dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover ... | | |
CVE-2018-18013 | Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accep... | E | |
CVE-2018-18014 | Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to exec... | E | |
CVE-2018-18016 | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.... | S | |
CVE-2018-18017 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?... | E | |
CVE-2018-18018 | SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/... | E | |
CVE-2018-18019 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?... | E | |
CVE-2018-18020 | In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have... | E | |
CVE-2018-18021 | arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles th... | S | |
CVE-2018-18023 | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function o... | E S | |
CVE-2018-18024 | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bm... | E S | |
CVE-2018-18025 | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of c... | E S | |
CVE-2018-18026 | IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a s... | E | |
CVE-2018-18029 | Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.... | E S | |
CVE-2018-18035 | A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, r... | S | |
CVE-2018-18056 | An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller seri... | | |
CVE-2018-18058 | An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered i... | | |
CVE-2018-18059 | An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered i... | | |
CVE-2018-18060 | An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered i... | | |
CVE-2018-18061 | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access ... | E | |
CVE-2018-18062 | An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulne... | E | |
CVE-2018-18064 | cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted documen... | E | |
CVE-2018-18065 | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug ... | E S | |
CVE-2018-18066 | snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that ... | E S | |
CVE-2018-18068 | The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allo... | E | |
CVE-2018-18069 | process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XS... | E | |
CVE-2018-18070 | An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 ... | | |
CVE-2018-18071 | An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connec... | E | |
CVE-2018-18073 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure... | S | |
CVE-2018-18074 | The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon... | E S | |
CVE-2018-18075 | WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the in... | E | |
CVE-2018-18082 | XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or... | E | |
CVE-2018-18083 | An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php se... | E | |
CVE-2018-18084 | An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated ... | E | |
CVE-2018-18086 | EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddo... | E | |
CVE-2018-18087 | The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio... | E | |
CVE-2018-18088 | OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c... | E | |
CVE-2018-18089 | Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions ... | S | |
CVE-2018-18090 | Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5... | S | |
CVE-2018-18091 | Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.... | S | |
CVE-2018-18092 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18093 | Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may al... | | |
CVE-2018-18094 | Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an aut... | S | |
CVE-2018-18095 | Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Serie... | S | |
CVE-2018-18096 | Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authe... | | |
CVE-2018-18097 | Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenti... | | |
CVE-2018-18098 | Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows... | S | |
CVE-2018-18099 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18100 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18101 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18102 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18103 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18104 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18106 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18107 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18108 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18109 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18110 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18111 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18112 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18113 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18114 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18115 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18116 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18117 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18118 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18120 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18121 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18122 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18124 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18127 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18129 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18130 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18131 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18132 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18134 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18135 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18136 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18143 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18150 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18158 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18160 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18161 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18162 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18163 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18170 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18172 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18173 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18174 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18175 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18176 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18177 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18178 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18179 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18180 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18181 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18182 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18183 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18184 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18185 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18186 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18187 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18188 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18190 | An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_S... | S | |
CVE-2018-18191 | Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCm... | E | |
CVE-2018-18192 | An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::Fi... | E | |
CVE-2018-18193 | An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTabl... | E | |
CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetS... | E | |
CVE-2018-18195 | An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Samp... | E | |
CVE-2018-18196 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetLi... | E | |
CVE-2018-18197 | An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoo... | E | |
CVE-2018-18198 | The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectiv... | E S | |
CVE-2018-18199 | Mediamanager in REDAXO before 5.6.4 has XSS.... | | |
CVE-2018-18200 | There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.... | | |
CVE-2018-18201 | qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.... | E | |
CVE-2018-18202 | The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an... | E | |
CVE-2018-18203 | A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 ma... | E | |
CVE-2018-18205 | Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direc... | | |
CVE-2018-18206 | In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent nega... | S | |
CVE-2018-18207 | Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.... | | |
CVE-2018-18208 | Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI.... | | |
CVE-2018-18209 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type... | E | |
CVE-2018-18210 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url ... | E | |
CVE-2018-18211 | PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.... | E | |
CVE-2018-18215 | In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account.... | E | |
CVE-2018-18223 | Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed fi... | | |
CVE-2018-18224 | A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update... | | |
CVE-2018-18225 | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/p... | S | |
CVE-2018-18226 | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was... | S | |
CVE-2018-18227 | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was ... | S | |
CVE-2018-18240 | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because ... | E | |
CVE-2018-18242 | youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=12345... | E | |
CVE-2018-18244 | Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to... | E | |
CVE-2018-18245 | Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRI... | E | |
CVE-2018-18246 | Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable t... | E | |
CVE-2018-18247 | Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.... | E | |
CVE-2018-18248 | Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/use... | E | |
CVE-2018-18249 | Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environm... | E | |
CVE-2018-18250 | Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a sin... | E | |
CVE-2018-18251 | Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a ... | | |
CVE-2018-18252 | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORI... | E | |
CVE-2018-18253 | An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce ... | E | |
CVE-2018-18254 | An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_w... | E | |
CVE-2018-18255 | An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManage... | E | |
CVE-2018-18256 | An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local adminis... | E | |
CVE-2018-18257 | An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web se... | E | |
CVE-2018-18258 | An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web ser... | E | |
CVE-2018-18259 | Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/cre... | E | |
CVE-2018-18260 | In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User se... | | |
CVE-2018-18261 | In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcnam... | E | |
CVE-2018-18262 | Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.... | | |
CVE-2018-18264 | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Ser... | E S | |
CVE-2018-18270 | XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterfac... | E | |
CVE-2018-18271 | XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.p... | E | |
CVE-2018-18274 | An issue was found in pdfalto 0.2. There is a heap-based buffer overflow in the TextPage::addAttribut... | E | |
CVE-2018-18276 | XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a ... | E | |
CVE-2018-18281 | Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable l... | E S | |
CVE-2018-18282 | Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.... | | |
CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v... | E S | |
CVE-2018-18285 | SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attac... | | |
CVE-2018-18286 | SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attac... | | |
CVE-2018-18287 | On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses ... | E | |
CVE-2018-18288 | CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.... | | |
CVE-2018-18289 | The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary ... | | |
CVE-2018-18290 | An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content a... | | |
CVE-2018-18291 | A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote a... | E | |
CVE-2018-18296 | MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.... | E | |
CVE-2018-18307 | A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/picture... | E | |
CVE-2018-18308 | In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file... | E S | |
CVE-2018-18309 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
CVE-2018-18310 | An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in e... | E S | |
CVE-2018-18311 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression t... | S | |
CVE-2018-18312 | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression t... | E S | |
CVE-2018-18313 | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure ... | E S | |
CVE-2018-18314 | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid writ... | E S | |
CVE-2018-18315 | com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because ... | | |
CVE-2018-18316 | emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.... | E | |
CVE-2018-18317 | DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.... | E | |
CVE-2018-18318 | The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows att... | E | |
CVE-2018-18319 | An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker ca... | E | |
CVE-2018-18320 | An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker ca... | E | |
CVE-2018-18322 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharact... | E | |
CVE-2018-18323 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory trav... | E | |
CVE-2018-18324 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_c... | E | |
CVE-2018-18325 | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters.... | KEV E | |
CVE-2018-18326 | DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting ... | E | |
CVE-2018-18327 | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivir... | | |
CVE-2018-18328 | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivir... | | |
CVE-2018-18329 | A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivir... | | |
CVE-2018-18330 | An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.... | | |
CVE-2018-18331 | A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particu... | S | |
CVE-2018-18332 | A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially... | M | |
CVE-2018-18333 | A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and... | E | |
CVE-2018-18334 | A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions bel... | | |
CVE-2018-18335 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to pot... | | |
CVE-2018-18336 | Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacke... | | |
CVE-2018-18337 | Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.... | | |
CVE-2018-18338 | Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a r... | | |
CVE-2018-18339 | Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attac... | | |
CVE-2018-18340 | Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote ... | | |
CVE-2018-18341 | An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.8... | | |
CVE-2018-18342 | Execution of user supplied JavaScript during object deserialization can update object length leading... | | |
CVE-2018-18343 | Incorrect handling of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.8... | | |
CVE-2018-18344 | Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google... | | |
CVE-2018-18345 | Incorrect handling of blob URLs in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a r... | | |
CVE-2018-18346 | Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a re... | | |
CVE-2018-18347 | Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 7... | | |
CVE-2018-18348 | Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome pri... | | |
CVE-2018-18349 | Remote frame navigations were incorrectly permitted to local resources in Blink in Google Chrome prio... | | |
CVE-2018-18350 | Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.357... | | |
CVE-2018-18351 | Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google C... | | |
CVE-2018-18352 | Service workers could inappropriately gain access to cross origin audio in Media in Google Chrome prio... | | |
CVE-2018-18353 | Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on And... | | |
CVE-2018-18354 | Insufficient validation of external protocols in Shell Integration in Google Chrome on Windows prior t... | | |
CVE-2018-18355 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 ... | | |
CVE-2018-18356 | An integer overflow in path handling led to a use after free in Skia in Google Chrome prior to 71.0... | | |
CVE-2018-18357 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 ... | | |
CVE-2018-18358 | Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an ... | | |
CVE-2018-18359 | Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remot... | | |
CVE-2018-18361 | An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the ... | | |
CVE-2018-18362 | Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross si... | | |
CVE-2018-18363 | Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumsta... | M | |
CVE-2018-18364 | Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking ... | M | |
CVE-2018-18365 | Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allo... | | |
CVE-2018-18366 | Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9,... | | |
CVE-2018-18367 | Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU... | | |
CVE-2018-18368 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege es... | S | |
CVE-2018-18369 | Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent ... | | |
CVE-2018-18370 | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an F... | | |
CVE-2018-18371 | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an F... | | |
CVE-2018-18372 | A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management Sys... | | |
CVE-2018-18373 | In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulner... | | |
CVE-2018-18374 | XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.... | E | |
CVE-2018-18375 | goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, ... | E | |
CVE-2018-18376 | goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover infor... | E | |
CVE-2018-18377 | goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to fact... | E | |
CVE-2018-18379 | The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.1... | | |
CVE-2018-18380 | A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided ... | S | |
CVE-2018-18381 | Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php ... | E | |
CVE-2018-18382 | Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-av... | E | |
CVE-2018-18384 | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship be... | E S | |
CVE-2018-18385 | Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop)... | E | |
CVE-2018-18386 | drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to acces... | S | |
CVE-2018-18387 | playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.... | M | |
CVE-2018-18388 | eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote o... | | |
CVE-2018-18389 | Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting ... | E | |
CVE-2018-18390 | User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1... | | |
CVE-2018-18391 | User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions ve... | | |
CVE-2018-18392 | Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management ... | | |
CVE-2018-18393 | Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions ve... | | |
CVE-2018-18394 | Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Soft... | | |
CVE-2018-18395 | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version ... | | |
CVE-2018-18396 | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions versio... | | |
CVE-2018-18397 | The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certa... | E S | |
CVE-2018-18398 | Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searche... | E | |
CVE-2018-18399 | SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jc... | | |
CVE-2018-18405 | jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability... | | |
CVE-2018-18406 | An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Rep... | E | |
CVE-2018-18407 | A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, ... | E S | |
CVE-2018-18408 | A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets tri... | S | |
CVE-2018-18409 | A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received inco... | E S | |
CVE-2018-18416 | LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated ... | E | |
CVE-2018-18417 | In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and u... | E | |
CVE-2018-18419 | Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstr... | E | |
CVE-2018-18420 | Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content... | E | |
CVE-2018-18422 | UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.... | E | |
CVE-2018-18425 | The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does ... | E S | |
CVE-2018-18426 | s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted Us... | E | |
CVE-2018-18427 | s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/mem... | E | |
CVE-2018-18428 | TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated... | E | |
CVE-2018-18430 | An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to ... | E | |
CVE-2018-18431 | An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?modul... | E | |
CVE-2018-18432 | An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add reque... | E | |
CVE-2018-18433 | An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname]... | E | |
CVE-2018-18434 | An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory tra... | S | |
CVE-2018-18435 | KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder perm... | E S | |
CVE-2018-18436 | JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&act... | E | |
CVE-2018-18437 | In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the... | E | |
CVE-2018-18438 | Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer d... | S | |
CVE-2018-18439 | DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP serv... | E | |
CVE-2018-18440 | DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image... | E M | |
CVE-2018-18441 | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The... | E | |
CVE-2018-18442 | D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-s... | E | |
CVE-2018-18443 | OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrate... | E | |
CVE-2018-18444 | makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an asserti... | E | |
CVE-2018-18445 | In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of... | S | |
CVE-2018-18446 | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).... | | |
CVE-2018-18447 | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).... | | |
CVE-2018-18449 | EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/List... | E | |
CVE-2018-18450 | apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQ... | E | |
CVE-2018-18454 | CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of ser... | | |
CVE-2018-18455 | The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of ... | | |
CVE-2018-18456 | The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows rem... | | |
CVE-2018-18457 | The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial... | | |
CVE-2018-18458 | The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a den... | | |
CVE-2018-18459 | The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial... | | |
CVE-2018-18460 | XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term pa... | E | |
CVE-2018-18461 | The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allow... | E | |
CVE-2018-18466 | An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP c... | | |
CVE-2018-18467 | An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom mess... | S | |
CVE-2018-18471 | /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and ME... | E | |
CVE-2018-18472 | Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Ex... | | |
CVE-2018-18473 | A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Serie... | E | |
CVE-2018-18475 | Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.... | | |
CVE-2018-18476 | mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escapin... | E S | |
CVE-2018-18478 | Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to injec... | E | |
CVE-2018-18479 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-18480 | A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp... | E | |
CVE-2018-18481 | A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp,... | E | |
CVE-2018-18482 | An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_... | E | |
CVE-2018-18483 | The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows ... | E | |
CVE-2018-18484 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stac... | E | |
CVE-2018-18485 | An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete ar... | E | |
CVE-2018-18486 | An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_... | E | |
CVE-2018-18487 | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation us... | E | |
CVE-2018-18488 | In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] paramet... | E | |
CVE-2018-18489 | The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 R... | E | |
CVE-2018-18492 | A use-after-free vulnerability can occur after deleting a selection element due to a weak reference ... | | |
CVE-2018-18493 | A buffer overflow can occur in the Skia library during buffer offset calculations with hardware acce... | | |
CVE-2018-18494 | A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascr... | | |
CVE-2018-18495 | WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of ... | | |
CVE-2018-18496 | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert ... | | |
CVE-2018-18497 | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed w... | | |
CVE-2018-18498 | A potential vulnerability leading to an integer overflow can occur during buffer size calculations f... | | |
CVE-2018-18499 | A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http... | | |
CVE-2018-18500 | A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML e... | | |
CVE-2018-18501 | Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firef... | | |
CVE-2018-18502 | Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of ... | | |
CVE-2018-18503 | When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash ma... | | |
CVE-2018-18504 | A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is st... | | |
CVE-2018-18505 | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authenti... | S | |
CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file o... | | |
CVE-2018-18507 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2018-18508 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause ... | | |
CVE-2018-18509 | A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as ... | | |
CVE-2018-18510 | The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are ... | | |
CVE-2018-18511 | Cross-origin images can be read from a canvas element in violation of the same-origin policy using t... | | |
CVE-2018-18512 | A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memo... | | |
CVE-2018-18513 | A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted si... | | |
CVE-2018-18514 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18515 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18516 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18517 | Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58... | | |
CVE-2018-18519 | BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan ho... | | |
CVE-2018-18520 | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v... | E S | |
CVE-2018-18521 | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allo... | E S | |
CVE-2018-18524 | Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use t... | E | |
CVE-2018-18527 | OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.... | E | |
CVE-2018-18529 | ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.c... | E | |
CVE-2018-18530 | ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php agg... | E | |
CVE-2018-18531 | text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirst... | | |
CVE-2018-18535 | The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read an... | E | |
CVE-2018-18536 | The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality... | E | |
CVE-2018-18537 | The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitr... | E | |
CVE-2018-18540 | TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL.... | E | |
CVE-2018-18541 | In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response invol... | S | |
CVE-2018-18544 | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, an... | E S | |
CVE-2018-18545 | Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.... | E | |
CVE-2018-18546 | ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.p... | E S | |
CVE-2018-18547 | Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ ba... | E | |
CVE-2018-18548 | ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that... | E | |
CVE-2018-18550 | ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.... | | |
CVE-2018-18551 | ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.htm... | E | |
CVE-2018-18552 | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (men... | E | |
CVE-2018-18553 | Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering o... | E | |
CVE-2018-18555 | A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for o... | E | |
CVE-2018-18556 | A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows ope... | E | |
CVE-2018-18557 | LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0,... | E | |
CVE-2018-18558 | An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insuff... | | |
CVE-2018-18559 | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_... | E S | |
CVE-2018-18561 | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and C... | | |
CVE-2018-18562 | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and C... | M | |
CVE-2018-18563 | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below... | M | |
CVE-2018-18564 | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below... | M | |
CVE-2018-18565 | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below... | M | |
CVE-2018-18566 | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to... | E | |
CVE-2018-18567 | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain... | E | |
CVE-2018-18568 | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain... | E | |
CVE-2018-18569 | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowi... | E | |
CVE-2018-18570 | Planon before Live Build 41 has XSS.... | E | |
CVE-2018-18571 | An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 befo... | | |
CVE-2018-18572 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Beca... | | |
CVE-2018-18573 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remo... | | |
CVE-2018-18576 | The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to ob... | | |
CVE-2018-18578 | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.... | E | |
CVE-2018-18579 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.... | E | |
CVE-2018-18581 | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internal... | E | |
CVE-2018-18582 | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByt... | E | |
CVE-2018-18583 | An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByt... | E | |
CVE-2018-18584 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer i... | S | |
CVE-2018-18585 | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as ... | E S | |
CVE-2018-18586 | chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does n... | E | |
CVE-2018-18587 | BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.... | | |
CVE-2018-18589 | MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability | | |
CVE-2018-18590 | MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution | | |
CVE-2018-18591 | MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data | | |
CVE-2018-18593 | MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities | | |
CVE-2018-18599 | Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file.... | E | |
CVE-2018-18600 | The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new fir... | | |
CVE-2018-18601 | The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W... | | |
CVE-2018-18602 | The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera a... | | |
CVE-2018-18603 | 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.s... | | |
CVE-2018-18605 | A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c ... | E | |
CVE-2018-18606 | An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD)... | E | |
CVE-2018-18607 | An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) libra... | E | |
CVE-2018-18608 | DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.clas... | E | |
CVE-2018-18619 | internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injecti... | E | |
CVE-2018-18621 | CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandl... | E | |
CVE-2018-18622 | An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=dore... | E | |
CVE-2018-18623 | Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an... | E | |
CVE-2018-18624 | Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue e... | E | |
CVE-2018-18625 | Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue ... | E S | |
CVE-2018-18626 | An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directo... | | |
CVE-2018-18628 | An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() ca... | E S | |
CVE-2018-18629 | An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An... | E S | |
CVE-2018-18630 | A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in... | | |
CVE-2018-18631 | mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 bef... | | |
CVE-2018-18635 | www/guis/admin/application/controllers/UserController.php in the administration login interface in M... | E S | |
CVE-2018-18636 | XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid paramete... | E | |
CVE-2018-18638 | A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows networ... | E | |
CVE-2018-18640 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | E | |
CVE-2018-18641 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | | |
CVE-2018-18642 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | E | |
CVE-2018-18643 | GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.... | S | |
CVE-2018-18644 | An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before... | E | |
CVE-2018-18645 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | E | |
CVE-2018-18646 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | E | |
CVE-2018-18647 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | E S | |
CVE-2018-18648 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3... | E | |
CVE-2018-18649 | An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11... | | |
CVE-2018-18650 | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a d... | E | |
CVE-2018-18651 | An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to laun... | E | |
CVE-2018-18652 | A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenti... | | |
CVE-2018-18653 | The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows priv... | E S | |
CVE-2018-18654 | Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker c... | | |
CVE-2018-18655 | Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a l... | S | |
CVE-2018-18656 | The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in clea... | E | |
CVE-2018-18657 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a D... | S | |
CVE-2018-18658 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a D... | S | |
CVE-2018-18659 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a D... | S | |
CVE-2018-18660 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a D... | S | |
CVE-2018-18661 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDec... | E S | |
CVE-2018-18662 | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonst... | E | |
CVE-2018-18665 | The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow t... | E | |
CVE-2018-18666 | The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow ... | E | |
CVE-2018-18667 | The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow t... | E | |
CVE-2018-18668 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML... | S | |
CVE-2018-18669 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18670 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18671 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18672 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18673 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18674 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18675 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18676 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via th... | S | |
CVE-2018-18678 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML... | S | |
CVE-2018-18688 | The Portable Document Format (PDF) specification does not provide any information regarding the conc... | | |
CVE-2018-18689 | The Portable Document Format (PDF) specification does not provide any information regarding the conc... | | |
CVE-2018-18690 | In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could ... | E S | |
CVE-2018-18692 | A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers ... | E | |
CVE-2018-18694 | admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to t... | E | |
CVE-2018-18695 | M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) c... | E | |
CVE-2018-18696 | main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims th... | E M | |
CVE-2018-18698 | An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices... | | |
CVE-2018-18699 | An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source... | | |
CVE-2018-18700 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Ther... | E | |
CVE-2018-18701 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Ther... | E | |
CVE-2018-18702 | spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule be... | E | |
CVE-2018-18703 | PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabi... | E | |
CVE-2018-18704 | PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php use... | E | |
CVE-2018-18705 | PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the ind... | E | |
CVE-2018-18706 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18707 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18708 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18709 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18710 | An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_... | S | |
CVE-2018-18711 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super ... | E | |
CVE-2018-18712 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super ... | E | |
CVE-2018-18713 | The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attack... | | |
CVE-2018-18714 | RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overfl... | E | |
CVE-2018-18715 | Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.... | | |
CVE-2018-18716 | Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.... | | |
CVE-2018-18717 | An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&... | E | |
CVE-2018-18718 | An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_the... | S | |
CVE-2018-18720 | An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.... | E | |
CVE-2018-18721 | An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.... | E | |
CVE-2018-18722 | An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.... | E | |
CVE-2018-18723 | An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.... | E | |
CVE-2018-18724 | An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.... | E | |
CVE-2018-18725 | An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.... | E | |
CVE-2018-18726 | An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.... | E | |
CVE-2018-18727 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18728 | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05... | E | |
CVE-2018-18729 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18730 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18731 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18732 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C... | E | |
CVE-2018-18733 | An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue t... | E | |
CVE-2018-18734 | A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.... | E | |
CVE-2018-18735 | A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.... | E | |
CVE-2018-18736 | An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."... | E | |
CVE-2018-18737 | An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. Th... | E | |
CVE-2018-18738 | An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_... | E | |
CVE-2018-18739 | An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field.... | E | |
CVE-2018-18740 | An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgi... | E | |
CVE-2018-18741 | An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing.... | E | |
CVE-2018-18742 | A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.... | E | |
CVE-2018-18743 | An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.p... | E | |
CVE-2018-18744 | An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI.... | E | |
CVE-2018-18745 | An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing.... | E | |
CVE-2018-18748 | Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or... | E | |
CVE-2018-18749 | data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the writ... | E | |
CVE-2018-18751 | An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read... | E | |
CVE-2018-18752 | Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the prote... | E | |
CVE-2018-18753 | Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as d... | E | |
CVE-2018-18754 | ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password... | | |
CVE-2018-18755 | K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or th... | E | |
CVE-2018-18756 | Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008.... | E | |
CVE-2018-18757 | Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different... | E | |
CVE-2018-18758 | Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vul... | E | |
CVE-2018-18759 | Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.... | E | |
CVE-2018-18760 | RhinOS 3.0 build 1190 allows CSRF.... | E | |
CVE-2018-18761 | SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.... | E | |
CVE-2018-18762 | SaltOS 3.1 r8126 contains a database download vulnerability.... | E | |
CVE-2018-18763 | SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.... | E | |
CVE-2018-18764 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality o... | E | |
CVE-2018-18765 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality o... | E | |
CVE-2018-18766 | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9... | | |
CVE-2018-18767 | An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed... | E | |
CVE-2018-18771 | An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\Defa... | | |
CVE-2018-18772 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?mod... | E | |
CVE-2018-18773 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?mod... | E | |
CVE-2018-18774 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php ... | E | |
CVE-2018-18775 | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cr... | E | |
CVE-2018-18776 | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cr... | E | |
CVE-2018-18777 | Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (i... | E | |
CVE-2018-18778 | ACME mini_httpd before 1.30 lets remote users read arbitrary files.... | | |
CVE-2018-18781 | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.... | E | |
CVE-2018-18782 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.... | E | |
CVE-2018-18783 | XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.... | | |
CVE-2018-18784 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag p... | E | |
CVE-2018-18785 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie t... | E | |
CVE-2018-18786 | An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.... | E | |
CVE-2018-18787 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.... | E | |
CVE-2018-18788 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablenam... | E | |
CVE-2018-18789 | An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to z... | E | |
CVE-2018-18790 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclass... | E | |
CVE-2018-18791 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.... | E | |
CVE-2018-18792 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.... | E | |
CVE-2018-18793 | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=phot... | E | |
CVE-2018-18794 | School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.... | E | |
CVE-2018-18795 | School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id... | E | |
CVE-2018-18796 | Library Management System 1.0 has SQL Injection via the "Search for Books" screen.... | E | |
CVE-2018-18797 | School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.... | E | |
CVE-2018-18798 | Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=... | E | |
CVE-2018-18799 | School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.... | E | |
CVE-2018-18800 | The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q... | E | |
CVE-2018-18801 | The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.p... | E | |
CVE-2018-18802 | The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?acti... | E | |
CVE-2018-18803 | Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb ... | E | |
CVE-2018-18804 | Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunct... | E | |
CVE-2018-18805 | Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.... | E | |
CVE-2018-18806 | School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include... | E | |
CVE-2018-18807 | TIBCO Statistica Server Vulnerable to Cross Site Scripting | S | |
CVE-2018-18808 | TIBCO JasperReports Server Privilege Escalation Via Race Condition | S | |
CVE-2018-18809 | TIBCO JasperReports Library Directory Traversal Vulnerability | KEV E S | |
CVE-2018-18810 | TIBCO Managed File Transfer Credentials Disclosure | S | |
CVE-2018-18811 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2018-18812 | TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library | S | |
CVE-2018-18813 | TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities | S | |
CVE-2018-18814 | TIBCO Spotfire Authentication Vulnerability | S | |
CVE-2018-18815 | TIBCO JasperReports Server User Information Disclosure | S | |
CVE-2018-18816 | TIBCO JasperReports Persistent Cross Site Scripting Vulnerability | S | |
CVE-2018-18817 | The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlie... | | |
CVE-2018-18819 | A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and e... | | |
CVE-2018-18820 | A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If t... | S | |
CVE-2018-18822 | Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.... | E | |
CVE-2018-18823 | WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.... | E | |
CVE-2018-18824 | WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.... | E | |
CVE-2018-18825 | Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. ... | | |
CVE-2018-18826 | There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, whi... | E | |
CVE-2018-18827 | There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which all... | E | |
CVE-2018-18828 | There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, wh... | E | |
CVE-2018-18829 | There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, whi... | E | |
CVE-2018-18830 | An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the up... | | |
CVE-2018-18831 | An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker c... | | |
CVE-2018-18832 | admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.... | E | |
CVE-2018-18834 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encode... | E | |
CVE-2018-18835 | upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute ar... | E | |
CVE-2018-18836 | An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter b... | E S | |
CVE-2018-18837 | An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename... | E S | |
CVE-2018-18838 | An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence ... | E S | |
CVE-2018-18839 | An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE... | S | |
CVE-2018-18840 | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_index... | E | |
CVE-2018-18841 | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_index... | E | |
CVE-2018-18842 | CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows r... | E | |
CVE-2018-18843 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, an... | E S | |
CVE-2018-18845 | internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advance... | E | |
CVE-2018-18849 | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an inv... | S | |
CVE-2018-18850 | In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission t... | | |
CVE-2018-18852 | Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input vali... | | |
CVE-2018-18853 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resou... | E | |
CVE-2018-18854 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resou... | E | |
CVE-2018-18856 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client thr... | E | |
CVE-2018-18857 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client thr... | E | |
CVE-2018-18858 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client thr... | E | |
CVE-2018-18859 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client thr... | E | |
CVE-2018-18860 | A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for... | E | |
CVE-2018-18861 | Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.... | E | |
CVE-2018-18862 | BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in I... | E | |
CVE-2018-18863 | NGA ResourceLink 20.0.2.1 allows local file inclusion.... | E | |
CVE-2018-18864 | Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displaye... | E | |
CVE-2018-18865 | The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Rel... | E | |
CVE-2018-18867 | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url paramet... | E | |
CVE-2018-18868 | No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48... | E | |
CVE-2018-18869 | EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory trav... | E | |
CVE-2018-18871 | Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmwar... | E | |
CVE-2018-18872 | The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title par... | E | |
CVE-2018-18873 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_pu... | E | |
CVE-2018-18874 | nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File... | E | |
CVE-2018-18875 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS)... | | |
CVE-2018-18876 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory travers... | | |
CVE-2018-18877 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can acces... | | |
CVE-2018-18878 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly... | | |
CVE-2018-18879 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe ... | | |
CVE-2018-18880 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-... | | |
CVE-2018-18881 | A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-... | | |
CVE-2018-18882 | A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instru... | E | |
CVE-2018-18883 | An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PV... | S | |
CVE-2018-18886 | Helpy v2.1.0 has Stored XSS via the Ticket title.... | | |
CVE-2018-18887 | S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type fi... | E | |
CVE-2018-18888 | An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileContr... | E | |
CVE-2018-18890 | MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid... | E | |
CVE-2018-18891 | MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentica... | E | |
CVE-2018-18892 | MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which af... | E | |
CVE-2018-18893 | Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/Jinja... | S | |
CVE-2018-18894 | Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal v... | | |
CVE-2018-18895 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candida... | R | |
CVE-2018-18897 | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfil... | E | |
CVE-2018-18898 | The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of se... | | |
CVE-2018-18903 | Vanilla 2.6.x before 2.6.4 allows remote code execution.... | E | |
CVE-2018-18907 | An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is su... | | |
CVE-2018-18908 | The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over ... | E | |
CVE-2018-18909 | xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the e... | E | |
CVE-2018-18912 | An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vul... | E | |
CVE-2018-18913 | Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker ca... | | |
CVE-2018-18915 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27... | E S | |
CVE-2018-18919 | The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area.... | E | |
CVE-2018-18920 | Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation... | E | |
CVE-2018-18921 | PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.... | E S | |
CVE-2018-18922 | add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an act... | E | |
CVE-2018-18923 | AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters na... | E | |
CVE-2018-18924 | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by upl... | E | |
CVE-2018-18925 | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demo... | S | |
CVE-2018-18926 | Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. T... | S | |
CVE-2018-18927 | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attri... | E | |
CVE-2018-18928 | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::D... | S | |
CVE-2018-18929 | The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default ... | E | |
CVE-2018-18930 | The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vul... | E | |
CVE-2018-18931 | An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to in... | E | |
CVE-2018-18933 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.108... | S | |
CVE-2018-18934 | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/rou... | E | |
CVE-2018-18935 | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&ac... | E | |
CVE-2018-18936 | An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arb... | E | |
CVE-2018-18937 | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getVa... | E | |
CVE-2018-18938 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an o... | E | |
CVE-2018-18939 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a se... | E | |
CVE-2018-18940 | servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS ... | E | |
CVE-2018-18941 | In Vignette Content Management version 6, it is possible to gain remote access to administrator priv... | E | |
CVE-2018-18942 | In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitra... | E | |
CVE-2018-18943 | An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload... | E | |
CVE-2018-18944 | Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.... | E | |
CVE-2018-18949 | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.... | | |
CVE-2018-18950 | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can brow... | E | |
CVE-2018-18952 | JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.... | E | |
CVE-2018-18954 | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or re... | S | |
CVE-2018-18955 | In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allo... | E S | |
CVE-2018-18956 | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote atta... | | |
CVE-2018-18957 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuff... | E | |
CVE-2018-18958 | OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.... | | |
CVE-2018-18959 | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devic... | E | |
CVE-2018-18960 | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devic... | E | |
CVE-2018-18963 | Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the... | E | |
CVE-2018-18964 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The ... | | |
CVE-2018-18965 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The ... | | |
CVE-2018-18966 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The ... | | |
CVE-2018-18975 | An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker ... | E | |
CVE-2018-18976 | An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019... | E | |
CVE-2018-18977 | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. ... | E | |
CVE-2018-18978 | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. ... | E | |
CVE-2018-18979 | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. ... | E | |
CVE-2018-18980 | An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configurati... | E | |
CVE-2018-18981 | In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated atta... | | |
CVE-2018-18982 | NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL cha... | E | |
CVE-2018-18983 | VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is a... | | |
CVE-2018-18984 | Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers Missing Encryption of Sensitive Data | M | |
CVE-2018-18985 | Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all ve... | | |
CVE-2018-18986 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report forma... | | |
CVE-2018-18987 | VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied inpu... | | |
CVE-2018-18988 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially... | | |
CVE-2018-18989 | In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.... | | |
CVE-2018-18990 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior t... | | |
CVE-2018-18991 | Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) cou... | | |
CVE-2018-18992 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation,... | | |
CVE-2018-18993 | Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and pri... | | |
CVE-2018-18994 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially ... | | |
CVE-2018-18995 | Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authenti... | M | |
CVE-2018-18996 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorizati... | | |
CVE-2018-18997 | Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthen... | M | |
CVE-2018-18998 | LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attack... | | |
CVE-2018-18999 | WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper vali... | | |