National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-10321 Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
    Published: April 24, 2018; 02:29:00 AM -04:00

  • CVE-2018-10320 Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10319 Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2018-10318 Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
    Published: April 23, 2018; 10:29:00 PM -04:00

  • CVE-2017-1786 IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2017-1764 IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
    Published: April 23, 2018; 09:29:00 AM -04:00

    V3: 7.0 HIGH
    V2: 1.9 LOW

  • CVE-2017-1486 IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...
    Published: April 23, 2018; 09:29:00 AM -04:00

  • CVE-2018-10298 Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
    Published: April 22, 2018; 11:29:00 AM -04:00

  • CVE-2018-10297 Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
    Published: April 22, 2018; 11:29:00 AM -04:00

  • CVE-2018-10254 Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a craft...
    Published: April 21, 2018; 12:29:00 PM -04:00

  • CVE-2018-10078 Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10077 XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2014-0883 Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user...
    Published: April 20, 2018; 05:29:00 PM -04:00

  • CVE-2018-10250 iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
    Published: April 20, 2018; 02:29:00 PM -04:00

  • CVE-2018-10248 An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
    Published: April 20, 2018; 01:29:00 PM -04:00

  • CVE-2018-10245 A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl f...
    Published: April 20, 2018; 01:29:00 PM -04:00

  • CVE-2018-0242 A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of a...
    Published: April 19, 2018; 04:29:00 PM -04:00

  • CVE-2018-10230 Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
    Published: April 19, 2018; 12:29:00 PM -04:00

  • CVE-2018-10188 phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
    Published: April 19, 2018; 10:29:00 AM -04:00

  • CVE-2018-1146 A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.
    Published: April 19, 2018; 09:29:00 AM -04:00