Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-02 | CVE-2018-16333 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tendacn products An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 7.5 |
| 2018-09-02 | CVE-2018-16332 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.9 An issue was discovered in iCMS 7.0.9. | 8.8 |
| 2018-09-02 | CVE-2018-16331 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | 8.8 |
| 2018-09-01 | CVE-2018-16320 | Path Traversal vulnerability in Idreamsoft Icms 7.0.11 idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | 7.2 |
| 2018-09-01 | CVE-2018-16314 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11 An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. | 8.8 |
| 2018-09-01 | CVE-2018-16308 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | 8.6 |
| 2018-09-01 | CVE-2018-16303 | XXE vulnerability in Pdf-Xchange Editor PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | 7.5 |
| 2018-09-01 | CVE-2018-16302 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mc1Soft Zip-N-Go MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. | 7.8 |
| 2018-09-01 | CVE-2018-15514 | Deserialization of Untrusted Data vulnerability in Docker HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. | 8.8 |
| 2018-08-31 | CVE-2018-6257 | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. | 7.0 |