Skip to main content
CVE-2018-1000006 HIGH POC PATCH THREAT Act Now

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Command Injection Electron
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
84.4%
CVE-2018-5988 CRITICAL POC THREAT Act Now

SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Flexible Poll
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
CVE-2018-5986 CRITICAL POC Act Now

SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Easycarscript
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2018-5985 CRITICAL POC THREAT Act Now

SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Livecrm Saas Cloud
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
CVE-2018-5984 CRITICAL POC Act Now

SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tumder
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-5979 CRITICAL POC THREAT Act Now

SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wchat
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
15.2%
CVE-2018-5978 CRITICAL POC Act Now

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zechat
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-5977 CRITICAL POC Act Now

SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Affiligator
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-5972 CRITICAL POC THREAT Act Now

SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Quickad
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
CVE-2018-5976 HIGH POC This Week

Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Rsvp Invitation Online
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-5969 HIGH POC This Week

Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Photography Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-1000018 HIGH POC This Week

An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ovirt Hosted Engine Setup
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5319 HIGH POC THREAT This Week

RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filehub Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.4%
CVE-2018-6184 HIGH POC PATCH This Week

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub
CVSS 3.0
7.5
EPSS
9.1%
CVE-2018-5705 MEDIUM POC This Month

Reservo Image Hosting 1.6 is vulnerable to XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Image Hosting
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1000007 CRITICAL PATCH Act Now

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Debian Linux Ubuntu Linux Enterprise Linux Desktop +10
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2018-4834 CRITICAL Act Now

A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pxc12 22 36 E D Firmware Pxc00 50 100 200 E D Firmware Pxc00 64 128 U Firmware Pxc001 E D Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2018-5778 CRITICAL Act Now

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Whatsup Gold
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-5777 CRITICAL Act Now

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whatsup Gold
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-6192 MEDIUM POC This Month

In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-6191 MEDIUM POC This Month

The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mujs
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.2%
CVE-2018-5759 MEDIUM POC This Month

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mujs
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.1%
CVE-2018-6187 MEDIUM POC This Month

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-6190 MEDIUM POC This Month

Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wf2419 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-1000005 CRITICAL PATCH Act Now

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libcurl Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
9.1
EPSS
4.6%
CVE-2018-6018 CRITICAL Act Now

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Tinder
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2018-6017 CRITICAL Act Now

Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Tinder
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2018-6193 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Routers2
NVD GitHub Exploit-DB
CVSS 3.0
4.7
EPSS
2.1%
CVE-2018-1048 HIGH PATCH This Week

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Jboss Enterprise Application Platform
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-1047 MEDIUM PATCH This Month

A flaw was found in Wildfly 9.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Jboss Wildfly Application Server Jboss Enterprise Application Platform
NVD
CVSS 3.0
5.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy