Vulnerabilities (CVE)

Total 23421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7747 1 Dbninja 1 Dbninja 2023-12-10 6.8 MEDIUM 9.6 CRITICAL
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
CVE-2017-7467 1 Minicom Project 1 Minicom 2023-12-10 7.5 HIGH 9.8 CRITICAL
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
CVE-2019-6259 1 Icmsdev 1 Icms 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVE-2018-14417 1 Softnas 1 Cloud 2023-12-10 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
CVE-2018-12544 1 Eclipse 1 Vert.x 2023-12-10 7.5 HIGH 9.8 CRITICAL
In versions 3.5.Beta1 through 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks. This code path is reached only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
CVE-2018-20779 1 Traq 1 Traq 2023-12-10 7.5 HIGH 9.8 CRITICAL
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
CVE-2018-13316 1 Totolink 2 A3002ru, A3002ru Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
CVE-2019-8908 1 Wtcms Project 1 Wtcms 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.
CVE-2018-5915 1 Qualcomm 42 Mdm9607, Mdm9607 Firmware, Mdm9640 and 39 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Exception in the modem IP stack while processing an IPv6 packet in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.
CVE-2018-15959 1 Adobe 1 Coldfusion 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-15152 1 Open-emr 1 Openemr 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
CVE-2018-14749 1 Qnap 1 Qts 2023-12-10 7.5 HIGH 9.8 CRITICAL
Buffer overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.
CVE-2019-7743 1 Joomla 1 Joomla! 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.
CVE-2018-14817 1 Fujielectric 2 V-server, V-server Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Fuji Electric V-Server 4.0.3.0 and prior, an integer underflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-20748 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
CVE-2018-14592 1 Cwjoomla 2 Cw Article Attachments Free, Cw Article Attachments Pro 2023-12-10 7.5 HIGH 9.8 CRITICAL
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2014-10075 1 Karo Project 1 Karo 2023-12-10 7.5 HIGH 9.8 CRITICAL
The karo gem 2.3.8 for Ruby allows remote command injection via the host field.
CVE-2018-16385 1 Thinkphp 1 Thinkphp 2023-12-10 7.5 HIGH 9.8 CRITICAL
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
CVE-2018-0718 1 Qnap 2 Music Station, Qts 2023-12-10 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
CVE-2018-17894 1 Nuuo 1 Nuuo Cms 2023-12-10 7.5 HIGH 9.8 CRITICAL
In NUUO CMS, all versions 3.1 and prior, the application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.