Vulnerabilities (CVE)
Yack CVE helps teams search and track vulnerabilities.
Total: 358,413 CVE
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002... | | | | | |
| In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002... | | | | | |
| vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | | | | | |
| w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | | | | | |
| w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | Canonical, Tats | Ubuntu Linux, W3m | Jun 17, 2026 | Jan 25, 2018 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | Canonical, Tats | Ubuntu Linux, W3m | Jun 17, 2026 | Jan 25, 2018 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object In... | Splashing Images Project | Splashing Images | Jun 17, 2026 | Jan 30, 2018 | N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2) |
| A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web... | Splashing Images Project | Splashing Images | Jun 17, 2026 | Jan 30, 2018 | N/A (v4), 4.8 MEDIUM (v3), 3.5 LOW (v2) |
| A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. | | | | | |
| In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | Artifex, Debian | Debian Linux, Mupdf | Jun 17, 2026 | Jan 24, 2018 | N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2) |
| The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. | | | | | |
| Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | | | | | |
| F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested... | | | | | |
| django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allow... | Canonical, Djangoproject | Django, Ubuntu Linux | Jun 17, 2026 | Feb 5, 2018 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of servic... | Artifex, Debian | Debian Linux, Mupdf | Jun 17, 2026 | Jan 24, 2018 | N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2) |
| Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote... | | | | | |
| ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | | | | | |
| BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users... | | | | | |
| Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but... | | | | | |
| A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | Themashabrand | Online Voting Platform | Jun 17, 2026 | Feb 8, 2018 | N/A (v4), 9.8 CRITICAL (v3), 5.0 MEDIUM (v2) |
| The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL... | | | | | |
| SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. | | | | | |
| Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | | | | | |
| Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the par... | | | | | |
| Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. | Silextechnology | Geh Sd 320an Firmware, Sd 320an Firmware | Jun 17, 2026 | May 9, 2018 | N/A (v4), 7.4 HIGH (v3), 6.5 MEDIUM (v2) |