Skip to main content
CVE-2018-4878 HIGH POC KEV THREAT Act Now

Adobe Flash Player contains a use-after-free vulnerability in the Primetime SDK's media player listener handling, exploited as a zero-day in January-February 2018 by North Korean APT groups in targeted attacks.

NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
93.4%
Threat
5.1
CVE-2018-6289 CRITICAL POC Act Now

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Secure Mail Gateway
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2018-6288 HIGH POC This Week

Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Secure Mail Gateway
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-6467 HIGH POC This Week

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Flickrrss
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-6654 HIGH POC This Week

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Grammarly
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-6788 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6787 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6786 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6785 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6784 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6783 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6782 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6781 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6780 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6779 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6778 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6777 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6776 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6775 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6774 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6773 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6772 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6771 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6770 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6769 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6768 HIGH POC This Week

In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6767 HIGH POC PATCH This Week

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-6290 HIGH POC This Week

Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Secure Mail Gateway
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6389 HIGH POC THREAT This Week

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Denial Of Service PHP
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
73.1%
CVE-2018-6656 MEDIUM POC PATCH This Month

Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Z Blogphp
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-6291 MEDIUM POC This Month

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Mail Gateway
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6469 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Flickrrss
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6468 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Flickrrss
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6466 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Flickrrss
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-4877 CRITICAL Act Now

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Use After Free Flash Player +3
NVD
CVSS 3.0
9.8
EPSS
8.5%
CVE-2018-6758 CRITICAL PATCH Act Now

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Uwsgi
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-6569 HIGH This Week

West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Web Connection
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1299 HIGH This Week

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Nginx Allura
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-5457 HIGH This Week

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Carefusion Upgrade Utility
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-6759 MEDIUM This Month

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy