Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-26 CVE-2018-15877 OS Command Injection vulnerability in Plainview Activity Monitor Project Plainview Activity Monitor
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. 		8.8
8.8
2018-08-25 CVE-2018-15857 Use After Free vulnerability in multiple products
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
local
low complexity
xkbcommon canonical CWE-416
7.8
7.8
2018-08-25 CVE-2018-15851 Cross-Site Request Forgery (CSRF) vulnerability in Flexocms Project Flexo CMS 0.1.6
An issue was discovered in Flexo CMS v0.1.6.
network
low complexity
flexocms-project CWE-352
8.8
8.8
2018-08-25 CVE-2018-15850 Cross-Site Request Forgery (CSRF) vulnerability in Redaxo CMS 4.7.2
An issue was discovered in REDAXO CMS 4.7.2.
network
low complexity
redaxo CWE-352
8.8
8.8
2018-08-25 CVE-2018-15848 Cross-Site Request Forgery (CSRF) vulnerability in Portfoliocms Project Portfoliocms 1.0.5
An issue was discovered in portfolioCMS 1.0.5.
network
low complexity
portfoliocms-project CWE-352
8.8
8.8
2018-08-25 CVE-2018-15846 Cross-Site Request Forgery (CSRF) vulnerability in Fledrcms Project Fledrcms
An issue was discovered in fledrCMS through 2014-02-03.
network
low complexity
fledrcms-project CWE-352
8.8
8.8
2018-08-25 CVE-2018-15845 Cross-Site Request Forgery (CSRF) vulnerability in Gleezcms Gleez CMS 1.2.0
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
network
low complexity
gleezcms CWE-352
8.8
8.8
2018-08-25 CVE-2018-15844 Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0
An issue was discovered in DamiCMS 6.0.0.
network
low complexity
damicms CWE-352
8.8
8.8
2018-08-24 CVE-2018-15576 Deserialization of Untrusted Data vulnerability in Hazzardweb Easylogin PRO
An issue was discovered in EasyLogin Pro through 1.3.0.
network
high complexity
hazzardweb CWE-502
8.1
8.1
2018-08-24 CVE-2018-11654 Information Exposure vulnerability in Seasofsolutions IP Camera Firmware
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
network
low complexity
seasofsolutions CWE-200
7.5
7.5