Skip to main content
CVE-2018-6359 HIGH POC This Week

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Libming Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-6357 HIGH POC This Week

The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF PHP Social Media Widget
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-6353 HIGH POC This Week

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Electrum
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6354 MEDIUM POC PATCH This Month

templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Formspree
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-6358 HIGH This Week

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-6352 MEDIUM This Month

In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy