Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 54 minutes 3 seconds ago

CVE-2018-18937

Mon, 2018/11/05 - 6:29 PM
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.

CVE-2018-18938

Mon, 2018/11/05 - 6:29 PM
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.

CVE-2018-18939

Mon, 2018/11/05 - 6:29 PM
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.

CVE-2018-18942

Mon, 2018/11/05 - 6:29 PM
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.

CVE-2018-18943

Mon, 2018/11/05 - 6:29 PM
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.

CVE-2018-18949

Mon, 2018/11/05 - 6:29 PM
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

CVE-2018-18950

Mon, 2018/11/05 - 6:29 PM
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

CVE-2018-18952

Mon, 2018/11/05 - 6:29 PM
JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.

CVE-2018-18928

Mon, 2018/11/05 - 5:29 AM
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.

CVE-2018-18919

Sun, 2018/11/04 - 3:29 PM
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area.

CVE-2018-18924

Sun, 2018/11/04 - 3:29 PM
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.

CVE-2018-18925

Sun, 2018/11/04 - 3:29 PM
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.

CVE-2018-18926

Sun, 2018/11/04 - 3:29 PM
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.

CVE-2018-18927

Sun, 2018/11/04 - 3:29 PM
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.
