Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000548 XXE vulnerability in Umlet
Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, or server-side request forgery.
local
low complexity
umlet CWE-611
7.8
2018-06-26 CVE-2018-1000546 XXE vulnerability in Triplea-Game Triplea
Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution.
local
low complexity
triplea-game CWE-611
7.8
2018-06-26 CVE-2018-1000542 XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3
netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution.
local
low complexity
netbeans-mmd-plugin-project CWE-611
7.8
2018-06-26 CVE-2018-1000540 XXE vulnerability in Loboevolution Project Loboevolution
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML parsing when viewing an XML file in the browser that can result in disclosure of confidential data, denial of service, or server-side request forgery.
local
low complexity
loboevolution-project CWE-611
7.8
2018-06-26 CVE-2018-1000538 Allocation of File Descriptors or Handles Without Limits or Throttling vulnerability in Minio
Minio Inc.
network
low complexity
minio CWE-774
7.5
2018-06-26 CVE-2018-1000535 Information Exposure vulnerability in LMS
lms version <= LMS_011123 contains a local file disclosure vulnerability in the file reading functionality of the LMS module that can make it possible to read files on the server.
network
low complexity
lms CWE-200
7.5
2018-06-26 CVE-2018-1000531 Improper Input Validation vulnerability in Inversoft Prime-Jwt
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in incorrect signature validation of a JWT.
network
low complexity
inversoft CWE-20
7.5
2018-06-26 CVE-2018-1000527 Deserialization of Untrusted Data vulnerability in Froxlor
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the domain name form that can result in possible information disclosure and remote code execution.
network
low complexity
froxlor CWE-502
7.2
2018-06-26 CVE-2018-1000526 XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service.
network
low complexity
openpsa2 CWE-91
7.5
2018-06-26 CVE-2018-1000523 Improper Input Validation vulnerability in Topydo
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523, that can result in injection of arbitrary bytes to the terminal, including terminal escape code sequences.
network
low complexity
topydo CWE-20
8.1