Skip to main content
CVE-2018-6574 HIGH POC PATCH This Week

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Go Debian Linux Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
7.8
EPSS
7.8%
CVE-2018-6829 HIGH POC This Week

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libgcrypt
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-6806 MEDIUM POC This Month

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marked 2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2018-6824 MEDIUM POC This Month

Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cozy
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6823 CRITICAL Act Now

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Shimo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-6822 CRITICAL Act Now

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Purevpn
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-6796 MEDIUM POC This Month

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Multilanguage Real Estate Mlm Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6795 MEDIUM POC This Month

PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Naukri Clone Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6655 MEDIUM POC This Month

PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Doctor Search Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6794 MEDIUM POC PATCH THREAT This Month

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Suricata Debian Linux
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
24.7%
CVE-2018-6799 HIGH PATCH This Week

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-6792 HIGH This Week

Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cvms Hub
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1366 HIGH PATCH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection IBM Content Navigator
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-1388 HIGH This Week

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-6791 MEDIUM This Month

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Plasma Workspace Debian Linux
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2018-6603 MEDIUM This Month

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webpam Proe
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1382 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6790 MEDIUM This Month

An issue was discovered in KDE Plasma Workspace before 5.12.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plasma Workspace
NVD
CVSS 3.0
5.3
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy