National Vulnerability Database

NVD Dashboard

Last 20 Scored Vulnerability IDs & Summaries
  • CVE-2018-9859 The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
    Published: June 15, 2018; 09:29:09 PM -04:00

  • CVE-2018-8927 Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
    Published: June 14, 2018; 10:29:00 AM -04:00

  • CVE-2018-6496 Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
    Published: June 15, 2018; 09:29:06 PM -04:00

  • CVE-2018-5718 Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a...
    Published: June 12, 2018; 12:29:00 PM -04:00

  • CVE-2018-5242 Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain devic...
    Published: June 13, 2018; 12:29:01 PM -04:00

  • CVE-2018-5185 Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
    Published: June 11, 2018; 05:29:16 PM -04:00

  • CVE-2018-5170 It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 a...
    Published: June 11, 2018; 05:29:15 PM -04:00

  • CVE-2018-5162 Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
    Published: June 11, 2018; 05:29:15 PM -04:00

  • CVE-2018-5161 Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
    Published: June 11, 2018; 05:29:15 PM -04:00

  • CVE-2018-5157 Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website....
    Published: June 11, 2018; 05:29:15 PM -04:00

  • CVE-2018-5153 If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox &...
    Published: June 11, 2018; 05:29:15 PM -04:00

  • CVE-2018-5147 The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
    Published: June 11, 2018; 05:29:14 PM -04:00

  • CVE-2018-5136 A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
    Published: June 11, 2018; 05:29:14 PM -04:00

  • CVE-2018-4848 A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspec...
    Published: June 14, 2018; 12:29:00 PM -04:00

  • CVE-2018-12696 mao10cms 6 allows XSS via the article page.
    Published: June 23, 2018; 05:29:00 PM -04:00

  • CVE-2018-12695 mao10cms 6 allows XSS via the m=bbs&a=index page.
    Published: June 23, 2018; 05:29:00 PM -04:00

  • CVE-2018-12648 The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
    Published: June 22, 2018; 09:29:00 AM -04:00

  • CVE-2018-12526 Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
    Published: June 21, 2018; 11:29:00 AM -04:00

  • CVE-2018-12454 The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be re...
    Published: June 17, 2018; 08:29:00 AM -04:00

  • CVE-2018-12453 Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
    Published: June 16, 2018; 01:29:00 PM -04:00