...
by GitHub
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18075 | Cri | 0.64 | 9.8 | 0.02 | Oct 9, 2018 | WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | ||
| CVE-2017-18215 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. | ||
| CVE-2026-44451 | Cri | 0.60 | 9.3 | 0.00 | May 26, 2026 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator… | ||
| CVE-2018-18735 | Hig | 0.57 | 8.8 | 0.01 | Oct 29, 2018 | A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | ||
| CVE-2018-10778 | Hig | 0.51 | 7.8 | 0.01 | May 7, 2018 | Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and… | ||
| CVE-2024-42018 | Hig | 0.50 | 7.7 | 0.00 | Oct 11, 2024 | An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC… | ||
| CVE-2018-12025 | Hig | 0.49 | 7.5 | 0.02 | Jun 11, 2018 | The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is… | ||
| CVE-2025-1595 | Med | 0.35 | 5.3 | 0.01 | Feb 23, 2025 | A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated… |
- risk 0.64cvss 9.8epss 0.02
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.
- risk 0.64cvss 9.8epss 0.02
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.
- risk 0.60cvss 9.3epss 0.00
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator…
- risk 0.57cvss 8.8epss 0.01
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
- risk 0.51cvss 7.8epss 0.01
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and…
- risk 0.50cvss 7.7epss 0.00
An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC…
- risk 0.49cvss 7.5epss 0.02
The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is…
- risk 0.35cvss 5.3epss 0.01
A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated…