CNA 2018

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and an Authorized Data Publisher (ADP) for the NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVE IDs and disclose them. CVE is an international program that identifies and catalogs publicly disclosed vulnerabilities; each one is assigned a CVE ID and published to the CVE list. Partners coordinate these CVE records so that their descriptions stay consistent. Information technology and cybersecurity professionals around the world use CVE records to make sure they are discussing the same issue, and to coordinate their efforts to prioritize and address it properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. It shows whether the landscape is homogeneous or, in a heterogeneous landscape, where the most important hotspots are.

Product

Thomson TCW710: 6
uTorrent: 4
Vaerys-Dawn DiscordSailv2: 2
l2c2technologies Koha: 1
blockmason credit-protocol: 1

Grouping vulnerabilities by product helps to get an overview. It shows whether the landscape is homogeneous or, in a heterogeneous landscape, which products are the most important hotspots.

Remediation

Official Fix: 49
Temporary Fix: 0
Workaround: 7
Unavailable: 1
Not Defined: 0

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels (an official fix, a temporary fix, a workaround, or nothing at all), each of which affects the residual risk differently.

Exploitability

High: 0
Functional: 4
Proof-of-Concept: 9
Unproven: 0
Not Defined: 44

Researchers and attackers looking for security vulnerabilities try to exploit them, whether for academic purposes or for personal gain. The level and quality of available exploit code indicates how simple and how reliable an attack is. Note that Not Defined means no exploit status has been recorded for the entry, not that no exploit exists.

Access Vector

Not Defined: 0
Physical: 0
Local: 1
Adjacent: 19
Network: 37

How a vulnerability can be reached is captured by its access vector. Typically this is over the network, from an adjacent network, locally, or with physical access.

Authentication

Not Defined: 0
High: 2
Low: 44
None: 11

Exploiting a vulnerability may require a certain level of authentication. Vulnerabilities without such a requirement are far more attractive to attackers, since no credentials are needed.

User Interaction

Not Defined: 0
Required: 31
None: 26

Some attack scenarios require interaction by a victim. This is typical of phishing, social engineering and cross-site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 3
≤4: 29
≤5: 9
≤6: 9
≤7: 6
≤8: 1
≤9: 0
≤10: 0

The moderation team always defines a CVSS base vector and base score for each entry. These, together with all other available scores, are combined into the meta score.

Exploit 0-day

<1k: 11
<2k: 46
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our own algorithm estimates the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA
261677 | l2c2technologies Koha opac-MARCdetail.pl cross site scripting | VulDB | VulDB | | 04/20/2024 | 04/20/2024 | CVE-2018-25101 | | accepted
252799 | blockmason credit-protocol UCAC CreditProtocol.sol executeUcacTx denial of service | VulDB | VulDB | | 02/03/2024 | 02/25/2024 | CVE-2018-25098 | | accepted
249420 | Acumos Design Studio cross site scripting | VulDB | VulDB | | 12/31/2023 | 01/22/2024 | CVE-2018-25097 | | accepted
249191 | MdAlAmin-aol Own Health Record logout.php cross-site request forgery | VulDB | VulDB | | 12/28/2023 | 01/20/2024 | CVE-2018-25096 | | accepted
246641 | ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal | VulDB | VulDB | | 12/02/2023 | 12/22/2023 | CVE-2018-25094 | | accepted
244484 | Vaerys-Dawn DiscordSailv2 Tag access control | VulDB | VulDB | | 11/04/2023 | 12/02/2023 | CVE-2018-25093 | | accepted
244483 | Vaerys-Dawn DiscordSailv2 Command Mention access control | VulDB | VulDB | | 11/04/2023 | 12/02/2023 | CVE-2018-25092 | | accepted
238157 | glb Meetup Tag Extension Link Attribute reverse tabnabbing | VulDB | VulDB | | 08/26/2023 | 09/20/2023 | CVE-2018-25089 | | accepted
234246 | Blue Yonder postgraas_server PostgreSQL Backend postgres_cluster_driver.py create_postgres_db sql injection | VulDB | VulDB | | 07/16/2023 | 08/06/2023 | CVE-2018-25088 | | accepted
230662 | Arborator Server project.cgi start denial of service | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2018-25087 | | accepted
230235 | sea75300 FanPress CM Template Preview templatepreview.php getArticlesPreview cross site scripting | VulDB | VulDB | | 05/30/2023 | 06/24/2023 | CVE-2018-25086 | | accepted
227755 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | VulDB | VulDB | | 04/29/2023 | 05/24/2023 | CVE-2018-25085 | | accepted
225362 | Ping Identity Self-Service Account Manager SSAMController.java cross site scripting | VulDB | VulDB | | 04/09/2023 | 04/26/2023 | CVE-2018-25084 | | accepted
223403 | zwczou WeChat SDK Python to_xml xml external entity reference | VulDB | VulDB | | 03/19/2023 | 04/12/2023 | CVE-2018-25082 | | accepted
220061 | MobileDetect Example session_example.php initLayoutType cross site scripting | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2018-25080 | | accepted
220058 | Segmentio is-url index.js redos | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2018-25079 | | accepted
218456 | melnaron mel-spintax spintax.js redos | VulDB | VulDB | | 01/16/2023 | 02/09/2023 | CVE-2018-25077 | | accepted
218395 | Events Extension events.php searchResults sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2018-25076 | | accepted
218376 | karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2018-25075 | | accepted
218003 | Prestaul skeemas base.js redos | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2018-25074 | | accepted
218002 | Newcomer1989 TSN-Ranksystem bot.php getlog cross site scripting | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2018-25073 | | accepted
217647 | lojban jbovlaste listing.html sql injection | VulDB | VulDB | | 01/08/2023 | 01/30/2023 | CVE-2018-25072 | | accepted
217610 | roxlukas LMeve proxy.php insert_log sql injection | VulDB | VulDB | | 01/07/2023 | 01/29/2023 | CVE-2018-25071 | | accepted
217606 | polterguy Phosphorus Five CSV Import NonQuery.cs csv.Read sql injection | VulDB | VulDB | | 01/07/2023 | 01/29/2023 | CVE-2018-25070 | | accepted
217593 | Netis Netcore Router hard-coded password | VulDB | VulDB | | 01/07/2023 | 01/29/2023 | CVE-2018-25069 | | accepted
217570 | devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file | VulDB | VulDB | | 01/06/2023 | 01/29/2023 | CVE-2018-25068 | | accepted
217569 | JoomGallery Image Sort default.php sql injection | VulDB | VulDB | | 01/06/2023 | 01/29/2023 | CVE-2018-25067 | | accepted
217554 | PeterMu nodebatis sql injection | VulDB | VulDB | | 01/06/2023 | 01/29/2023 | CVE-2018-25066 | | accepted
217445 | Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2018-25065 | | accepted
217439 | OSM Lab show-me-the-way site.js cross site scripting | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2018-25064 | | accepted
217153 | Zenoss Dashboard defaultportlets.js cross site scripting | VulDB | VulDB | | 01/01/2023 | 01/26/2023 | CVE-2018-25063 | | accepted
217152 | flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service | VulDB | VulDB | | 01/01/2023 | 01/26/2023 | CVE-2018-25062 | | accepted
217151 | rgb2hex redos | VulDB | VulDB | | 12/31/2022 | 01/26/2023 | CVE-2018-25061 | | accepted
217058 | Macaron csrf csrf.go missing secure attribute | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2018-25060 | | accepted
217040 | pastebinit server.go pasteHandler path traversal | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2018-25059 | | accepted
217017 | Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing | VulDB | VulDB | | 12/29/2022 | 01/26/2023 | CVE-2018-25058 | | accepted
216996 | simple_php_link_shortener index.php sql injection | VulDB | VulDB | | 12/28/2022 | 01/26/2023 | CVE-2018-25057 | | accepted
216966 | yolapi metadata.py render_description cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25056 | | accepted
216961 | FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25055 | | accepted
216960 | shred cilla Search search.jsp cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25054 | | accepted
216959 | moappi Json2html json2html.js cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25053 | | accepted
216958 | Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25052 | | accepted
216957 | JmPotato Pomash editor.html cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25051 | | accepted
216956 | Harvest Chosen abstract-chosen.coffee AbstractChosen cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2018-25050 | | accepted
216854 | email-existence index.js redos | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2018-25049 | | accepted
126700 | Thomson TCW710 RgUrlBlock.asp Persistent cross site scripting | VulDB | VulDB | | 11/13/2018 | 06/05/2023 | CVE-2018-25039 | | accepted
126699 | Thomson TCW710 RgDhcp Persistent cross site scripting | VulDB | VulDB | | 11/13/2018 | 06/05/2023 | CVE-2018-25038 | | accepted
126698 | Thomson TCW710 RgDdns Persistent cross site scripting | VulDB | VulDB | | 11/13/2018 | 06/05/2023 | CVE-2018-25037 | | accepted
126697 | Thomson TCW710 RgTime Persistent cross site scripting | VulDB | VulDB | | 11/13/2018 | 06/05/2023 | CVE-2018-25036 | | accepted
126696 | Thomson TCW710 RGFirewallEL Persistent cross site scripting | VulDB | VulDB | | 11/13/2018 | 06/05/2023 | CVE-2018-25035 | | accepted
126695 | Thomson TCW710 wlanPrimaryNetwork Persistent cross site scripting | VulDB | VulDB | 11/12/2018 | 11/13/2018 | 06/05/2023 | CVE-2018-25034 | 42 | accepted
113807 | uTorrent Guest Account privileges management | VulDB | VulDB | | 02/25/2018 | 02/10/2023 | CVE-2018-25044 | | accepted
113806 | uTorrent PRNG improper authentication | VulDB | VulDB | | 02/25/2018 | 02/10/2023 | CVE-2018-25043 | | accepted
113805 | uTorrent memory corruption | VulDB | VulDB | | 02/25/2018 | 02/10/2023 | CVE-2018-25042 | | accepted
113804 | uTorrent JSON RPC Server privileges management | VulDB | VulDB | | 02/25/2018 | 02/10/2023 | CVE-2018-25041 | | accepted
113803 | uTorrent Web HTTP RPC Server privileges management | VulDB | VulDB | | 02/25/2018 | 02/10/2023 | CVE-2018-25040 | | accepted
106056 | Mirmay Secure Private Browser / File Manager Auto Lock improper authentication | VulDB | VulDB | | 09/01/2017 | 12/27/2022 | CVE-2018-25030 | | accepted
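As an added example (not part of the VulDB page or of its API), the following Python parses listing rows in the flattened form in which this table is commonly extracted, with all columns run together, splits the two or three dates, separates a fused Submit value from the CVE ID, and reports how many years after the CVE year prefix each record was created. It assumes, as holds for every row above, that Scope and Responsible are both VulDB and that the CVE sequence number has five digits; the sample rows are copied from this listing.

```python
"""Parse flattened VulDB CNA listing rows into records and summarise them."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# A flattened row has the columns ID, Vulnerability, Scope, Responsible,
# Submission (optional), Created, Updated, CVE and Submit (optional) run
# together with no separator.  Assumptions (true for every row on this page):
# Scope and Responsible are both "VulDB", and CVE sequence numbers are five
# digits, which is what lets a fused Submit value be split from the CVE ID.
ROW_RE = re.compile(
    r"^(?P<id>\d+)"
    r"(?P<title>.+?)"
    r"VulDBVulDB"
    r"(?P<dates>(?:\d{2}/\d{2}/\d{4}){2,3})"
    r"(?P<cve>CVE-\d{4}-\d{5})"
    r"(?P<submit>\d*)$"
)


@dataclass
class Entry:
    vuldb_id: int
    title: str
    submission: Optional[date]
    created: date
    updated: date
    cve: str
    submit: str

    @property
    def cve_year(self) -> int:
        return int(self.cve.split("-")[1])

    @property
    def assignment_lag_years(self) -> int:
        """Years between the CVE ID's year prefix and the record's creation."""
        return self.created.year - self.cve_year


def _parse_date(text: str) -> date:
    return datetime.strptime(text, "%m/%d/%Y").date()


def parse_row(line: str) -> Entry:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    blob = m["dates"]
    dates = [_parse_date(blob[i:i + 10]) for i in range(0, len(blob), 10)]
    # Three dates means a Submission date precedes Created and Updated.
    submission = dates[0] if len(dates) == 3 else None
    created, updated = dates[-2], dates[-1]
    return Entry(int(m["id"]), m["title"], submission, created, updated,
                 m["cve"], m["submit"])


def parse_rows(rows):
    return [parse_row(r) for r in rows]


def lag_distribution(entries) -> dict:
    """How many entries were created N years after (or before) their CVE year."""
    return dict(Counter(e.assignment_lag_years for e in entries))


def check_breakdown(breakdown: dict, n_entries: int) -> bool:
    """A per-dimension breakdown (e.g. Remediation) must account for every entry."""
    return sum(breakdown.values()) == n_entries


# Sample rows copied from the listing on this page (the separate "accepted"
# CNA status line is omitted); the third row carries a Submission date and
# a fused Submit value.
SAMPLE_ROWS = [
    "261677l2c2technologies Koha opac-MARCdetail.pl cross site scriptingVulDBVulDB04/20/202404/20/2024CVE-2018-25101",
    "217593Netis Netcore Router hard-coded passwordVulDBVulDB01/07/202301/29/2023CVE-2018-25069",
    "126695Thomson TCW710 wlanPrimaryNetwork Persistent cross site scriptingVulDBVulDB11/12/201811/13/201806/05/2023CVE-2018-2503442",
    "113807uTorrent Guest Account privileges managementVulDBVulDB02/25/201802/10/2023CVE-2018-25044",
    "106056Mirmay Secure Private Browser / File Manager Auto Lock improper authenticationVulDBVulDB09/01/201712/27/2022CVE-2018-25030",
]

# Remediation breakdown as shown on this page, checked against its 57 entries.
REMEDIATION = {"Official Fix": 49, "Temporary Fix": 0, "Workaround": 7,
               "Unavailable": 1, "Not Defined": 0}

if __name__ == "__main__":
    entries = parse_rows(SAMPLE_ROWS)
    for e in entries:
        print(f"{e.cve} {e.vuldb_id} created {e.created} "
              f"lag {e.assignment_lag_years:+d}y  {e.title}")
    print("lag distribution:", lag_distribution(entries))
    print("remediation breakdown consistent:", check_breakdown(REMEDIATION, 57))
```

The lag is worth computing because most CVE-2018-25xxx records here were created in 2022 to 2024: the year in a CVE ID is the year the vulnerability was publicly disclosed or the ID was reserved, not when the record was written, so a 2024 record legitimately carries a 2018 identifier. The breakdown check is the same sanity test a reader can apply to every distribution on this page, each of which sums to the 57 listed entries.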
