Skip to main content
CVE-2018-6789 CRITICAL POC KEV PATCH THREAT Act Now

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Exim Debian Linux Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
82.2%
CVE-2018-6180 CRITICAL POC Act Now

A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Voting Platform
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-6836 CRITICAL POC PATCH Act Now

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-0127 CRITICAL POC THREAT Act Now

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Rv132W Firmware Rv134W Firmware
NVD
CVSS 3.1
9.8
EPSS
77.6%
CVE-2018-6644 HIGH POC This Week

SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Small Footprint Cim Broker
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-5550 MEDIUM POC THREAT This Month

Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Airprint
NVD
CVSS 3.0
6.1
EPSS
37.5%
CVE-2018-1163 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Netvault Backup
NVD
CVSS 3.0
9.8
EPSS
16.3%
CVE-2018-1161 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Netvault Backup
NVD
CVSS 3.0
9.8
EPSS
67.2%
CVE-2018-0514 CRITICAL Act Now

MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mp Form Mail Cgi
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-6835 CRITICAL PATCH Act Now

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Etherpad
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-0125 CRITICAL KEV THREAT Act Now

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco Rv132W Firmware Rv134W Firmware
NVD
CVSS 3.1
9.8
EPSS
55.4%
CVE-2018-0113 HIGH This Week

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System Central Software
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-0137 HIGH This Week

A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Network
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2018-0132 HIGH This Week

A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Apple Carrier Routing System
NVD
CVSS 3.0
8.6
EPSS
2.3%
CVE-2018-0117 HIGH This Week

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5000 Firmware Asr 5500 Firmware
NVD
CVSS 3.0
8.6
EPSS
1.8%
CVE-2018-1162 HIGH This Week

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Netvault Backup
NVD
CVSS 3.0
8.1
EPSS
5.0%
CVE-2018-0517 HIGH This Week

Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Anshin Net Security
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-0116 HIGH This Week

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine
NVD
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-0512 MEDIUM This Month

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Hdl Xr Firmware Hdl Xrw Firmware Hdl Xr2U Firmware Hdl Xr2Uw Firmware +41
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-0140 MEDIUM This Month

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Email Security Appliance Firmware Content Security Management Appliance
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2018-0513 MEDIUM PATCH This Month

Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Simple Booking
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6834 MEDIUM PATCH This Month

static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Etherpad Lite
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0129 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Analytics Framework
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0128 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Analytics Framework
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0123 MEDIUM This Month

A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Apple iOS Ios Xe
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-6844 MEDIUM This Month

MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mybb
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6846 MEDIUM This Month

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-0138 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-0134 MEDIUM This Month

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Mobility Services Engine
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2018-0119 MEDIUM This Month

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Conference Director
NVD
CVSS 3.0
4.7
EPSS
1.0%
CVE-2018-0122 MEDIUM This Month

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cisco Staros
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2018-0135 MEDIUM This Month

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-0120 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-1000030 LOW PATCH Monitor

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Rated low severity (CVSS 3.6). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Python Buffer Overflow Ubuntu Linux
NVD
CVSS 3.1
3.6
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy