Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-26 | CVE-2018-1000548 | XXE vulnerability in Umlet Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. | 7.8 |
2018-06-26 | CVE-2018-1000546 | XXE vulnerability in Triplea-Game Triplea Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. | 7.8 |
2018-06-26 | CVE-2018-1000542 | XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3 netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. | 7.8 |
2018-06-26 | CVE-2018-1000540 | XXE vulnerability in Loboevolution Project Loboevolution LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. | 7.8 |
2018-06-26 | CVE-2018-1000538 | Allocation of File Descriptors or Handles Without Limits or Throttling vulnerability in Minio Minio Inc. | 7.5 |
2018-06-26 | CVE-2018-1000535 | Information Exposure vulnerability in LMS lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. | 7.5 |
2018-06-26 | CVE-2018-1000531 | Improper Input Validation vulnerability in Inversoft Prime-Jwt inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. | 7.5 |
2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. | 7.2 |
2018-06-26 | CVE-2018-1000526 | XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. | 7.5 |
2018-06-26 | CVE-2018-1000523 | Improper Input Validation vulnerability in Topydo topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. | 8.1 |