National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-16164 Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
    Published: January 09, 2019; 06:29:03 PM -05:00

  • CVE-2017-1002152 Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.
    Published: January 10, 2019; 04:29:00 PM -05:00

  • CVE-2019-6249 An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
    Published: January 13, 2019; 10:29:00 AM -05:00

  • CVE-2019-6294 An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
    Published: January 15, 2019; 09:29:00 AM -05:00

  • CVE-2018-18928 International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
    Published: November 04, 2018; 03:29:00 PM -05:00

  • CVE-2018-5412 Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
    Published: January 10, 2019; 05:29:00 PM -05:00
    CVSS V3: 7.8 HIGH
    CVSS V2: 7.2 HIGH

  • CVE-2018-0641 Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.
    Published: January 09, 2019; 06:29:01 PM -05:00

  • CVE-2018-0640 Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.
    Published: January 09, 2019; 06:29:01 PM -05:00

  • CVE-2018-20612 UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.
    Published: December 30, 2018; 04:29:00 PM -05:00

  • CVE-2019-5312 An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.
    Published: January 04, 2019; 11:29:00 AM -05:00

  • CVE-2018-20318 An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
    Published: December 20, 2018; 07:29:00 PM -05:00

  • CVE-2019-5882 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
    Published: January 09, 2019; 06:29:05 PM -05:00

  • CVE-2016-10403 Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
    Published: January 09, 2019; 02:29:00 PM -05:00

  • CVE-2018-4047 An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
    Published: January 10, 2019; 10:29:00 AM -05:00

  • CVE-2018-4045 An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
    Published: January 10, 2019; 10:29:00 AM -05:00

  • CVE-2018-4044 An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
    Published: January 10, 2019; 10:29:00 AM -05:00

  • CVE-2018-4042 An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
    Published: January 10, 2019; 10:29:00 AM -05:00

  • CVE-2018-4041 An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
    Published: January 10, 2019; 10:29:00 AM -05:00

  • CVE-2018-4037 The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root.
    Published: January 10, 2019; 10:29:00 AM -05:00

  • CVE-2018-4036 The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system.
    Published: January 10, 2019; 10:29:00 AM -05:00