
15 matches found

RedhatCVE
added 2026/01/09 12:17 p.m. | 6 views

CVE-2018-10518

In CMS Made Simple CMSMS through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...

8.5 CVSS | 7.1 AI score | 0.00207 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:20 a.m. | 6 views

CVE-2024-10518

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

4.8 CVSS | 5.7 AI score | 0.00633 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:26 a.m. | 9 views

CVE-2019-10518

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

7.8 CVSS | 7.4 AI score | 0.00044 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2025/02/05 12:0 a.m. | 8 views

WordPress ProfilePress Plugin < 4.15.15 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

4.8 CVSS | 6.9 AI score | 0.00642 EPSS
Exploits: 2 | References: 2

NVD
added 2024/12/12 6:15 a.m. | 13 views

CVE-2024-10518

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

4.8 CVSS | 0.00633 EPSS
Exploits: 1 | References: 1

Cvelist
added 2024/12/12 6:0 a.m. | 16 views

CVE-2024-10518 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

0.00633 EPSS
Exploits: 1 | References: 1

Circl
added 2020/08/28 2:55 a.m. | 2 views

CVE-2020-10518

creationtimestamp | type | source
---|---|---
2020-08-28 02:55:13+00:00 | seen | https://t.me/cibsecurity/14361
2020-12-29 00:21:24+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/2053...

8.8 CVSS | 8.2 AI score | 0.03152 EPSS
Exploits: 0 | References: 2

CVE
added 2020/08/27 9:55 p.m. | 65 views

CVE-2020-10518

CVE-2020-10518 – GitHub Enterprise Server : A remote code execution vulnerability exists in the GitHub Enterprise Server when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages could be exploited to execute commands on the Enterprise Server....

8.8 CVSS | 9.1 AI score | 0.03152 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2020/08/25 8:20 p.m. | 53 views

CVE-2020-17391

The CVE-2020-17391 entries describe a local information-disclosure flaw in Parallels Desktop’s prl_hypervisor kext, specifically in the HOST_IOCTL_INIT_HYPERVISOR handler. The vulnerability arises from exposing a dangerous method to unprivileged users, enabling a local attacker to disclose kernel...

6.5 CVSS | 6.3 AI score | 0.0009 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/12/18 5:25 a.m. | 101 views

CVE-2019-10518

CVE-2019-10518 describes a use-after-free of a pointer in the iWLAN path during the netmgr state transition to CONNECT on Qualcomm Snapdragon platforms (covering APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ... SXR2130, etc.). The issue spans Snapdragon Auto, Compute, Consumer IoT, ...

7.8 CVSS | 8.4 AI score | 0.00044 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2019/02/18 11:56 p.m. | 5 views

CVE-2016-10518

creationtimestamp | type | source
---|---|---
2019-02-18 23:56:42+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-2mhh-w6q8-5hxw...

7.5 CVSS | 7.1 AI score | 0.00345 EPSS
Exploits: 0 | References: 1

vulnersOsv
added 2019/02/18 11:56 p.m. | 2 views

02moduletest (=1.0.0), 10er10 (=0.23.0) +3956 more potentially affected by CVE-2016-10518 via ws (>=0.3.1 <=1.0.0)

ws NPM version =0.3.1, =0.0.1, =0.1.0, =0.0.1, =0.9.0, =0.0.1, =0.0.1, =0.1.2, =1.0.1, =0.1.16, =0.1.59-master.20200611224542 - @baiducloud/sdk =1.0.1-beta.7 - @bananaroxana/appsexpress =1.0.0 - @bananaroxana/myfirstapp =1.0.0 and more Source cves: CVE-2016-10518 Source advisory:...

7.5 CVSS | 7 AI score | 0.00345 EPSS
Exploits: 0

OSV
added 2018/05/31 8:29 p.m. | 2 views

DEBIAN-CVE-2016-10518

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...

7.5 CVSS | 6.8 AI score | 0.00345 EPSS
Exploits: 0 | References: 1

CVE
added 2018/05/31 8:0 p.m. | 56 views

CVE-2016-10518

CVE-2016-10518 affects the ws Node.js WebSocket module (pre-1.0.0). The vulnerability arises in the ping pathway: data from a ping frame is converted to a Buffer without validating the type, causing memory disclosure when non-zero-sized buffers are used. Affected versions are ws before 1.0.0; mit...

7.5 CVSS | 7.3 AI score | 0.00345 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2018/04/27 6:0 p.m. | 48 views

CVE-2018-10518

CMS Made Simple (CMSMS)

8.5 CVSS | 6.5 AI score | 0.00207 EPSS
Exploits: 1 | References: 1 | Affected Software: 1