Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-16 | CVE-2018-10127 | Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms Project Xyhcms 3.5: An issue was discovered in XYHCMS 3.5. | 8.8 |
2018-04-16 | CVE-2016-9593 | Credentials Management vulnerability in multiple products: foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. | 8.8 |
2018-04-16 | CVE-2018-0562 | Untrusted Search Path vulnerability in Coderium Soundengine 5.21: Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2018-04-16 | CVE-2018-0561 | Untrusted Search Path vulnerability in Securebrain Phishwall 3.7.15: Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. | 7.8 |
2018-04-16 | CVE-2018-0530 | SQL Injection vulnerability in Cybozu Garoon: SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
2018-04-16 | CVE-2018-9153 | Unrestricted Upload of File with Dangerous Type vulnerability in Zblogcn Z-Blogphp 1.5.1: The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. | 7.2 |
2018-04-16 | CVE-2018-10122 | Path Traversal vulnerability in Chanzhi Pro1.6: QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php. | 7.5 |
2018-04-16 | CVE-2018-10120 | Improper Validation of Array Index vulnerability in multiple products: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | 7.8 |
2018-04-16 | CVE-2018-10119 | Use After Free vulnerability in multiple products: sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | 7.8 |
2018-04-16 | CVE-2018-10117 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.7: An issue was discovered in idreamsoft iCMS V7.0.7. | 8.8 |