Export limit exceeded: 347279 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347279 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347279 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14081 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | ||||
| CVE-2018-14080 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file. | ||||
| CVE-2018-14079 | 1 Wi2be | 2 Smart Hp, Smart Hp Wmt | 2024-11-21 | N/A |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. | ||||
| CVE-2018-14078 | 1 Wi2be | 1 Smart Hp Wmt | 2024-11-21 | N/A |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack). | ||||
| CVE-2018-14077 | 1 Wi2be | 1 Smart Hp Wmt | 2024-11-21 | N/A |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. | ||||
| CVE-2018-14071 | 1 Cyberhobo | 1 Geo Mashup | 2024-11-21 | N/A |
| The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. | ||||
| CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2024-11-21 | N/A |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | ||||
| CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2024-11-21 | N/A |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | ||||
| CVE-2018-14067 | 1 Greenpacket | 2 Dv-360, Dv-360 Firmware | 2024-11-21 | 9.8 Critical |
| Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. | ||||
| CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2024-11-21 | N/A |
| The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | ||||
| CVE-2018-14065 | 1 Phpoffice Project | 1 Common | 2024-11-21 | N/A |
| XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. | ||||
| CVE-2018-14064 | 1 Velotismart Project | 2 Velotismart Wifi, Velotismart Wifi Firmware | 2024-11-21 | N/A |
| The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. | ||||
| CVE-2018-14063 | 1 Tracto | 1 Tracto | 2024-11-21 | N/A |
| The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow. | ||||
| CVE-2018-14062 | 1 Cospas-sarsat | 1 Cospas-sarsat System | 2024-11-21 | N/A |
| The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal. | ||||
| CVE-2018-14060 | 1 Mi | 2 Xiaomi R3d, Xiaomi R3d Firmware | 2024-11-21 | N/A |
| OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | ||||
| CVE-2018-14059 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | ||||
| CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | ||||
| CVE-2018-14057 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | ||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | N/A |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | ||||
| CVE-2018-14055 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | N/A |
| ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | ||||