Skip to main content
CVE-2018-1000049 HIGH POC THREAT Act Now

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Claymore Dual Miner
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
77.3%
CVE-2018-6825 CRITICAL POC Act Now

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vobot Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-6871 CRITICAL POC PATCH THREAT Act Now

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Libreoffice Debian Linux Ubuntu Linux +6
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
23.2%
CVE-2018-1000019 HIGH POC PATCH This Week

OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Command Injection Openemr
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-6827 HIGH POC This Week

VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Vobot Firmware
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-1000051 HIGH POC PATCH This Week

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Denial Of Service Mupdf +1
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000052 HIGH POC PATCH This Week

fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Fmt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-6826 HIGH POC This Week

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Vobot Firmware
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-6876 MEDIUM POC This Month

The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Imagemagick Libfpx
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-6869 MEDIUM POC This Month

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.9%
CVE-2018-1000020 MEDIUM POC PATCH This Month

OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Openemr
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-5307 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-5306 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-1000060 CRITICAL PATCH Act Now

Sensu, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sensu Core
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-1000059 CRITICAL Act Now

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Validform Builder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-1000044 CRITICAL PATCH Act Now

Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Squert
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-1000043 CRITICAL PATCH Act Now

Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Command Injection Squert
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-1000042 CRITICAL PATCH Act Now

Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Command Injection Squert
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-3601 CRITICAL PATCH Act Now

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Trend Micro Control Manager
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-6872 MEDIUM POC This Month

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-6878 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hot Scripts Clone
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1000023 MEDIUM POC This Month

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insight Api
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-1000034 CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Unzip
NVD
CVSS 3.0
9.1
EPSS
1.4%
CVE-2018-1000033 CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Unzip
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2018-1000058 HIGH PATCH This Week

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Pipeline Supporting Apis
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-1000053 HIGH PATCH This Week

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Limesurvey
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000050 HIGH PATCH This Week

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Stb Vorbis
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-1000048 HIGH This Week

NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Rtretrievalframework
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-1000047 HIGH This Week

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Kodiak
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-1000041 HIGH This Week

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Librsvg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-3607 HIGH PATCH This Week

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
14.7%
CVE-2018-3606 HIGH PATCH This Week

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
49.4%
CVE-2018-3605 HIGH PATCH This Week

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
20.2%
CVE-2018-3604 HIGH PATCH This Week

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
68.6%
CVE-2018-3603 HIGH PATCH This Week

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-3602 HIGH PATCH This Week

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-1000056 HIGH PATCH This Week

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Junit
NVD
CVSS 3.0
8.3
EPSS
1.1%
CVE-2018-1000055 HIGH PATCH This Week

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins XXE SSRF Android Lint
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2018-1000054 HIGH PATCH This Week

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Ccm
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2018-1000025 HIGH PATCH This Week

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PHP Firebase Admin Sdk For Php
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-1307 HIGH PATCH This Week

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Juddi
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-6508 HIGH This Week

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
8.0
EPSS
1.9%
CVE-2018-1000046 HIGH PATCH This Week

NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Pyblock
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000045 HIGH PATCH This Week

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Singledop
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000035 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
30.5%
CVE-2018-1000032 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000031 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000026 HIGH This Week

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Enterprise Linux +4
NVD
CVSS 3.1
7.7
EPSS
3.9%
CVE-2018-1000027 HIGH PATCH This Week

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Squid Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
13.1%
CVE-2018-1000024 HIGH PATCH This Week

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
8.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy