Skip to main content
CVE-2018-6581 CRITICAL POC Act Now

SQL Injection exists in the JMS Music 1.1.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jms Music
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6580 CRITICAL POC THREAT Act Now

Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jimtawl
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
CVE-2018-6579 CRITICAL POC Act Now

SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reverse Auction
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-6578 CRITICAL POC Act Now

SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Je Paypervideo
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-6577 CRITICAL POC Act Now

SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-6576 CRITICAL POC Act Now

SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Event Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6575 CRITICAL POC Act Now

SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Classified
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6548 CRITICAL POC Act Now

A use-after-free issue was discovered in libwebm through 2018-02-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libwebm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-6537 CRITICAL POC Act Now

A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Syncbreeze
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-6521 CRITICAL POC PATCH Act Now

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Simplesamlphp Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-6317 CRITICAL POC THREAT Act Now

The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Claymore Dual Miner
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
44.3%
CVE-2018-5261 HIGH POC This Week

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Diskboss
NVD GitHub
CVSS 3.0
8.1
EPSS
0.5%
CVE-2018-6543 HIGH POC This Week

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2018-6525 HIGH POC This Week

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nprotect Avs
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6524 HIGH POC This Week

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nprotect Avs
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6523 HIGH POC This Week

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nprotect Avs
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6522 HIGH POC This Week

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nprotect Avs
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6542 MEDIUM POC This Month

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zziplib
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-6541 MEDIUM POC This Month

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-6540 MEDIUM POC This Month

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-6561 MEDIUM POC PATCH This Month

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dojo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-6545 MEDIUM POC This Month

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moveit
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-6551 CRITICAL Act Now

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Glibc
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-6486 CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Fortify Audit Workbench Fortify Software Security Center
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-6544 MEDIUM POC This Month

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-6550 MEDIUM POC PATCH This Month

Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6560 HIGH PATCH This Week

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Flatpak Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +3
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-6318 HIGH This Week

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Information Disclosure Sophos Tester
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-6519 HIGH PATCH This Week

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Saml2 Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-6520 MEDIUM PATCH This Month

SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Simplesamlphp
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6319 MEDIUM This Month

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sophos Null Pointer Dereference Denial Of Service Sophos Tester
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6536 MEDIUM This Month

An issue was discovered in Icinga 2.x through 2.8.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6526 MEDIUM This Month

view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Mantisbt
NVD GitHub
CVSS 3.0
5.3
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy