Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-26 | CVE-2018-0584 | Information Exposure vulnerability in IIJ Smartkey 2.1.0: IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication via unspecified vectors. | 7.5 |
2018-06-26 | CVE-2018-0572 | Unspecified vulnerability in Basercms: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restrictions to view or alter restricted content via unspecified vectors. | 8.1 |
2018-06-26 | CVE-2018-0569 | OS Command Injection vulnerability in Basercms: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 8.8 |
2018-06-26 | CVE-2018-0563 | Untrusted Search Path vulnerability in Ntt-East products: Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2018-06-25 | CVE-2018-12603 | Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms Lfcms 3.7.0: Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | 8.8 |
2018-06-25 | CVE-2018-12735 | Information Exposure vulnerability in Saj-Electric SAJ Solar Inverter: SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | 7.5 |
2018-06-25 | CVE-2018-12602 | Cross-Site Request Forgery (CSRF) vulnerability in Lfdycms Lfcms 3.7.0: A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | 8.8 |
2018-06-25 | CVE-2018-11040 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products: Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. | 7.5 |
2018-06-25 | CVE-2018-10956 | Path Traversal vulnerability in Ipconfigure Orchid Core VMS 2.0.5: IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. | 7.5 |
2018-06-25 | CVE-2017-9312 | Improper Input Validation vulnerability in Rockwellautomation Allen-Bradley L30Erms Firmware 30: Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. | 7.5 |