National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-10321 Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
    Published: April 24, 2018; 02:29:00 AM -04:00

  • CVE-2018-10320 Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10319 Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10318 Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2017-1786 IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2017-1764 IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
    Published: April 23, 2018; 09:29:00 AM -04:00

    V3: 7.0 HIGH
    V2: 1.9 LOW

  • CVE-2017-1486 IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t... read CVE-2017-1486
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2018-10298 Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
    Published: April 22, 2018; 11:29:00 AM -04:00

  • CVE-2018-10297 Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
    Published: April 22, 2018; 11:29:00 AM -04:00

  • CVE-2018-10254 Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a craft... read CVE-2018-10254
    Published: April 21, 2018; 12:29:00 PM -04:00

  • CVE-2018-10253 Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.
    Published: April 20, 2018; 10:29:00 PM -04:00

  • CVE-2018-9059 Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
    Published: April 20, 2018; 05:29:01 PM -04:00

  • CVE-2018-7747 Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log,... read CVE-2018-7747
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10176 Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10175 Digital Guardian Management Console 7.1.2.0015 has an XXE issue.
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10174 Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-o... read CVE-2018-10174
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10173 Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.
    Published: April 20, 2018; 05:29:00 PM -04:00

    V3: 8.8 HIGH
    V2: 9.0 HIGH

  • CVE-2018-10079 Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
    Published: April 20, 2018; 05:29:00 PM -04:00

    V3: 7.8 HIGH
    V2: 2.1 LOW

  • CVE-2018-10078 Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10077 XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
    Published: April 20, 2018; 05:29:00 PM -04:00