Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-06 CVE-2017-1000600 Improper Input Validation vulnerability in WordPress
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution.
network
low complexity
wordpress CWE-20
8.8
2018-09-05 CVE-2018-16552 Cross-Site Request Forgery (CSRF) vulnerability in MicroPyramid Django-CRM 0.2
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
network
low complexity
micropyramid CWE-352
8.8
2018-09-05 CVE-2018-16307 Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices.
network
low complexity
mi CWE-200
7.5
2018-09-05 CVE-2018-16146 OS Command Injection vulnerability in Opsview 5.4.0/5.4.1
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events.
network
low complexity
opsview CWE-78
7.2
2018-09-05 CVE-2018-16145 Incorrect Permission Assignment for Critical Resource vulnerability in Opsview
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.
network
high complexity
opsview CWE-732
8.1
2018-09-05 CVE-2018-15682 Cross-Site Request Forgery (CSRF) vulnerability in BTITeam XBTIT 2.5.4
An issue was discovered in BTITeam XBTIT.
network
low complexity
btiteam CWE-352
8.8
2018-09-05 CVE-2018-14771 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
network
low complexity
vivotek
8.8
2018-09-05 CVE-2018-14770 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface (/onvif/device_service).
network
low complexity
vivotek
8.8
2018-09-05 CVE-2018-14769 Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
network
low complexity
vivotek CWE-352
8.8
2018-09-05 CVE-2018-16436 SQL Injection vulnerability in Gxlcms 2.0
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
network
low complexity
gxlcms CWE-89
7.2