National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-15857

Sat, 08/25/2018 - 17:29
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
Categories: Security News

CVE-2018-15842

Sat, 08/25/2018 - 17:29
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.

CVE-2018-15843

Sat, 08/25/2018 - 17:29
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.

CVE-2018-15844

Sat, 08/25/2018 - 17:29
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

CVE-2018-15845

Sat, 08/25/2018 - 17:29
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.

CVE-2018-15846

Sat, 08/25/2018 - 17:29
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.

CVE-2018-15847

Sat, 08/25/2018 - 17:29
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field.

CVE-2018-15848

Sat, 08/25/2018 - 17:29
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.

CVE-2018-15870

Sat, 08/25/2018 - 15:29
An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-15871

Sat, 08/25/2018 - 15:29
An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-15874

Sat, 08/25/2018 - 15:29
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

CVE-2018-15875

Sat, 08/25/2018 - 15:29
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

CVE-2018-15869

Fri, 08/24/2018 - 20:29
The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier versions) does not require the --owners flag when describing images, which makes it easier for remote attackers to trigger the loading of an undesired AMI by setting similar image properties (i.e., name), as exploited in the wild during August 2018 with a Monero miner AMI instead of the expected Ubuntu AMI.

CVE-2018-14059

Fri, 08/24/2018 - 18:29
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

CVE-2017-9818

Fri, 08/24/2018 - 17:29
The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.

CVE-2017-9819

Fri, 08/24/2018 - 17:29
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.

CVE-2017-9820

Fri, 08/24/2018 - 17:29
The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.

CVE-2017-9821

Fri, 08/24/2018 - 17:29
The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

CVE-2018-11502

Fri, 08/24/2018 - 17:29
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.

CVE-2018-11653

Fri, 08/24/2018 - 17:29
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.
