Launchpad CVE tracker

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.

Created on 2018-03-20 and modified 12 hours ago.

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

Created on 2018-03-21 and modified 12 hours ago.

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

Created on 2018-03-21 and modified 12 hours ago.

Open-AudIT before 2.2 has CSV Injection.

Created on 2018-03-30 and modified 12 hours ago.

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus 5.3 (Build 5330) and earlier allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

Created on 2018-04-01 and modified 12 hours ago.