Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-04-29 | CVE-2018-10528 | Out-of-bounds Write vulnerability in multiple products | An issue was discovered in LibRaw 0.18.9. | 8.8 |
2018-04-28 | CVE-2018-10468 | Improper Input Validation vulnerability in Uetoken Useless Ethereum Token | The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue. | 7.5 |
2018-04-28 | CVE-2017-18263 | Path Traversal vulnerability in Seagate Personal Cloud Firmware 4.3.16.0/4.3.18.0 | Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | 7.5 |
2018-04-27 | CVE-2018-10519 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. | 8.8 |
2018-04-27 | CVE-2018-10517 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple | In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | 7.2 |
2018-04-27 | CVE-2018-10515 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple | In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. | 7.2 |
2018-04-27 | CVE-2018-7669 | Path Traversal vulnerability in Sitecore Sitecore.Net | An issue was discovered in Sitecore Sitecore.NET 8.1 rev. | 7.5 |
2018-04-27 | CVE-2018-10504 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker | The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 7.8 |
2018-04-27 | CVE-2018-10503 | Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 41420170105 | An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. | 8.8 |
2018-04-27 | CVE-2014-1846 | Permissions, Privileges, and Access Controls vulnerability in Enlightenment | Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | 7.8 |