• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-74

CVE-2018-18992

February 26, 2023 by

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.

CVE-2018-1896

February 26, 2023 by

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker’s domain. IBM X-Force ID: 152456.

CVE-2018-18250

February 26, 2023 by

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single ‘$’ character as the Name of a Navigation item.

CVE-2018-18207

February 26, 2023 by

Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.

CVE-2018-16763

February 26, 2023 by

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

CVE-2018-16627

February 26, 2023 by

panel/login in Kirby v2.5.12 allows Host header injection via the “forget password” feature.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 4
  • Go to page 5
  • Go to page 6
  • Go to page 7
  • Go to page 8
  • Interim pages omitted …
  • Go to page 94
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE