Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-29 | CVE-2018-11528 | SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0: WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | 7.5 |
2018-05-29 | CVE-2018-11523 | Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo Nvrmini 2 Firmware: upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | 7.5 |
2018-05-28 | CVE-2018-11516 | Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1: The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 8.8 |
2018-05-28 | CVE-2018-11309 | SQL Injection vulnerability in Membermouse: Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request. | 7.5 |
2018-05-28 | CVE-2018-11506 | Out-of-bounds Write vulnerability in multiple products: The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | 7.8 |
2018-05-26 | CVE-2018-6411 | Unrestricted Upload of File with Dangerous Type vulnerability in Machform 4.2.3: An issue was discovered in Appnitro MachForm before 4.2.3. | 7.5 |
2018-05-26 | CVE-2018-6410 | SQL Injection vulnerability in Machform 4.2.3: An issue was discovered in Appnitro MachForm before 4.2.3. | 7.5 |
2018-05-26 | CVE-2018-11499 | Use After Free vulnerability in Sass-Lang Libsass: A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | 7.5 |
2018-05-26 | CVE-2018-11490 | Improper Validation of Array Index vulnerability in multiple products: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. | 8.8 |
2018-05-26 | CVE-2018-11489 | Improper Validation of Array Index vulnerability in multiple products: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. | 8.8 |