ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2018-19000 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an at... | | |
CVE-2018-19001 | Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is no... | M | |
CVE-2018-19002 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when ope... | | |
CVE-2018-19003 | GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions... | | |
CVE-2018-19004 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially cra... | | |
CVE-2018-19005 | Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identif... | | |
CVE-2018-19006 | OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-... | | |
CVE-2018-19007 | In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Netw... | M | |
CVE-2018-19008 | The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability ... | | |
CVE-2018-19009 | Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access... | | |
CVE-2018-19010 | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and... | | |
CVE-2018-19011 | CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file.... | | |
CVE-2018-19012 | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and... | | |
CVE-2018-19013 | An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervi... | | |
CVE-2018-19014 | Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and... | | |
CVE-2018-19015 | An attacker could inject commands to launch programs and create, write, and read files on CX-Supervi... | M | |
CVE-2018-19016 | Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and... | | |
CVE-2018-19017 | Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prio... | | |
CVE-2018-19018 | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could le... | M | |
CVE-2018-19019 | A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 ... | M | |
CVE-2018-19020 | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of a... | M | |
CVE-2018-19021 | A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV D... | | |
CVE-2018-19023 | Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-trans... | | |
CVE-2018-19025 | In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which ... | | |
CVE-2018-19027 | Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Version... | | |
CVE-2018-19029 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project f... | | |
CVE-2018-19031 | A command injection vulnerability exists when the authorized user passes crafted parameter to backgr... | | |
CVE-2018-19036 | An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicio... | S | |
CVE-2018-19037 | On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of servic... | E | |
CVE-2018-19039 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files ... | S | |
CVE-2018-19040 | The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory trave... | E | |
CVE-2018-19041 | The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_... | E | |
CVE-2018-19042 | The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory... | E | |
CVE-2018-19043 | The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from... | E | |
CVE-2018-19044 | keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon... | E S | |
CVE-2018-19045 | keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintS... | E S | |
CVE-2018-19046 | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a ... | S | |
CVE-2018-19047 | mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as de... | E | |
CVE-2018-19048 | Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.... | E S | |
CVE-2018-19050 | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.... | E | |
CVE-2018-19051 | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.... | E | |
CVE-2018-19052 | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. Ther... | E | |
CVE-2018-19053 | PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename i... | E | |
CVE-2018-19056 | pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled dur... | E | |
CVE-2018-19057 | SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input wit... | E | |
CVE-2018-19058 | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to deni... | E | |
CVE-2018-19059 | An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSp... | E | |
CVE-2018-19060 | An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, w... | E | |
CVE-2018-19061 | DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.... | E | |
CVE-2018-19063 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19064 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19065 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19066 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19067 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19068 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19069 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19070 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19071 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19072 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19073 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19074 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19075 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19076 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware ... | E | |
CVE-2018-19077 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19078 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19079 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19080 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19081 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19082 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F... | E | |
CVE-2018-19083 | WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_d... | E | |
CVE-2018-19084 | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an a... | E | |
CVE-2018-19085 | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an a... | E | |
CVE-2018-19086 | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an a... | E | |
CVE-2018-19087 | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an a... | E | |
CVE-2018-19089 | tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role nam... | E | |
CVE-2018-19090 | tianti 2.3 has stored XSS in the article management module via an article title.... | E | |
CVE-2018-19091 | tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list use... | E | |
CVE-2018-19092 | An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string... | E | |
CVE-2018-19093 | An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminati... | E | |
CVE-2018-19104 | In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary fil... | E | |
CVE-2018-19105 | LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violati... | E | |
CVE-2018-19106 | Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.... | | |
CVE-2018-19107 | In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image read... | S | |
CVE-2018-19108 | In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from... | S | |
CVE-2018-19109 | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting ... | E | |
CVE-2018-19110 | The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permi... | E | |
CVE-2018-19111 | The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext... | | |
CVE-2018-19113 | The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "... | E | |
CVE-2018-19114 | An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploadin... | | |
CVE-2018-19115 | keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in... | S | |
CVE-2018-19118 | Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service... | | |
CVE-2018-19120 | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound ... | | |
CVE-2018-19121 | An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.... | E | |
CVE-2018-19122 | An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket... | E | |
CVE-2018-19124 | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to writ... | S | |
CVE-2018-19125 | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image... | E S | |
CVE-2018-19126 | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitra... | E S | |
CVE-2018-19127 | A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary conte... | | |
CVE-2018-19128 | In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that al... | | |
CVE-2018-19129 | In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in... | | |
CVE-2018-19130 | In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that all... | E | |
CVE-2018-19131 | Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for ce... | S | |
CVE-2018-19132 | Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.... | S | |
CVE-2018-19133 | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.... | S | |
CVE-2018-19134 | In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types... | E | |
CVE-2018-19135 | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Thi... | E | |
CVE-2018-19136 | DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.... | E | |
CVE-2018-19137 | DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.... | E | |
CVE-2018-19138 | WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.... | E | |
CVE-2018-19139 | An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jp... | E | |
CVE-2018-19141 | Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to con... | S | |
CVE-2018-19142 | Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a... | | |
CVE-2018-19143 | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 ... | S | |
CVE-2018-19145 | An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword p... | E | |
CVE-2018-19146 | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files ... | E | |
CVE-2018-19148 | Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for... | E S | |
CVE-2018-19149 | Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from pop... | E | |
CVE-2018-19150 | Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remo... | E | |
CVE-2018-19151 | qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. T... | | |
CVE-2018-19152 | emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service... | | |
CVE-2018-19153 | particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service... | | |
CVE-2018-19154 | HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of servic... | | |
CVE-2018-19155 | navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of servic... | | |
CVE-2018-19156 | PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service,... | | |
CVE-2018-19157 | Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of servic... | | |
CVE-2018-19158 | ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of... | S | |
CVE-2018-19159 | lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, e... | | |
CVE-2018-19160 | Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of serv... | | |
CVE-2018-19161 | alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, ex... | | |
CVE-2018-19162 | Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, ... | | |
CVE-2018-19163 | stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of ser... | | |
CVE-2018-19164 | reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of ser... | | |
CVE-2018-19165 | neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service... | | |
CVE-2018-19166 | peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of servi... | | |
CVE-2018-19167 | CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of se... | | |
CVE-2018-19168 | Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) t... | | |
CVE-2018-19170 | In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tom... | E | |
CVE-2018-19178 | In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via ... | E | |
CVE-2018-19180 | statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows re... | E | |
CVE-2018-19181 | statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the s... | E | |
CVE-2018-19182 | Engelsystem before commit hash 2e28336 allows CSRF.... | S | |
CVE-2018-19183 | ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) vi... | E | |
CVE-2018-19184 | cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SE... | E | |
CVE-2018-19185 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encode... | E | |
CVE-2018-19186 | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php ... | E | |
CVE-2018-19187 | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary p... | E | |
CVE-2018-19188 | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.ph... | E | |
CVE-2018-19189 | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary p... | E | |
CVE-2018-19190 | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php ... | E | |
CVE-2018-19191 | Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cg... | E | |
CVE-2018-19192 | An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as de... | E | |
CVE-2018-19193 | An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news... | E | |
CVE-2018-19194 | An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure... | E | |
CVE-2018-19195 | An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_produ... | E | |
CVE-2018-19196 | An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by... | E | |
CVE-2018-19197 | An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary director... | E | |
CVE-2018-19198 | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a ur... | S | |
CVE-2018-19199 | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriCo... | S | |
CVE-2018-19200 | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL i... | S | |
CVE-2018-19201 | A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attack... | | |
CVE-2018-19202 | A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to i... | | |
CVE-2018-19203 | PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PR... | | |
CVE-2018-19204 | PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write pri... | | |
CVE-2018-19205 | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for... | | |
CVE-2018-19206 | steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of |