Skip to main content
CVE-2018-5767 CRITICAL POC THREAT Act Now

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Ac15 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
48.0%
CVE-2018-1041 HIGH POC THREAT This Week

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jboss Remoting Jboss Enterprise Application Platform
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
15.8%
CVE-2018-7055 HIGH POC This Week

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Roomwizard Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-0866 HIGH POC PATCH THREAT This Week

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
44.3%
CVE-2018-0860 HIGH POC PATCH THREAT This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
65.9%
CVE-2018-0859 HIGH POC PATCH THREAT This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
18.0%
CVE-2018-0840 HIGH POC PATCH THREAT This Week

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
53.7%
CVE-2018-0838 HIGH POC PATCH THREAT This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
65.9%
CVE-2018-0837 HIGH POC PATCH THREAT This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
65.9%
CVE-2018-0835 HIGH POC PATCH THREAT This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
65.9%
CVE-2018-0834 HIGH POC PATCH THREAT This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
55.6%
CVE-2018-0826 HIGH POC PATCH This Week

Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
3.2%
CVE-2018-0823 HIGH POC PATCH This Week

The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.7%
CVE-2018-0822 HIGH POC PATCH This Week

NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.7%
CVE-2018-0821 HIGH POC PATCH This Week

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Microsoft Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.3%
CVE-2018-7057 MEDIUM POC This Month

RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Roomwizard Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7054 CRITICAL Act Now

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Irssi Ubuntu Linux +1
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-7053 CRITICAL Act Now

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Irssi Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-5440 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Buffer Overflow Stack Overflow Codesys Runtime System +1
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2018-7169 MEDIUM POC This Month

An issue was discovered in shadow 4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Shadow
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-7056 MEDIUM POC This Month

RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Roomwizard Firmware
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-0833 MEDIUM POC PATCH THREAT This Month

The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Null Pointer Dereference Microsoft Denial Of Service Windows 8 1 Windows Rt 8 1 +1
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
40.6%
CVE-2018-0852 HIGH PATCH This Week

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +1
NVD
CVSS 3.0
8.8
EPSS
19.7%
CVE-2018-0851 HIGH PATCH This Week

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +2
NVD
CVSS 3.0
8.8
EPSS
19.5%
CVE-2018-0841 HIGH PATCH This Week

Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office
NVD
CVSS 3.0
8.8
EPSS
20.4%
CVE-2018-0832 MEDIUM POC PATCH This Month

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure. Rated medium severity (CVSS 4.7). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
2.4%
CVE-2018-0846 HIGH PATCH This Week

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0844 HIGH PATCH This Week

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0831 HIGH PATCH This Week

The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-0828 HIGH PATCH This Week

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-0820 HIGH PATCH This Week

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-0756 HIGH PATCH This Week

The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0742 HIGH PATCH This Week

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-6316 HIGH This Week

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ivanti Endpoint Security
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-7052 HIGH This Week

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Irssi Ubuntu Linux +1
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-7051 HIGH This Week

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Irssi Debian Linux Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-7050 HIGH This Week

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Irssi Debian Linux Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-0861 HIGH PATCH This Week

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0858 HIGH PATCH This Week

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption RCE Buffer Overflow Chakracore
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0857 HIGH PATCH This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
15.7%
CVE-2018-0856 HIGH PATCH This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
15.7%
CVE-2018-0836 HIGH PATCH This Week

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
15.7%
CVE-2018-0825 HIGH PATCH This Week

StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.5
EPSS
16.8%
CVE-2018-0842 HIGH PATCH This Week

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows Embedded Compact Windows 10 Windows 7 +5
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2018-0809 HIGH PATCH This Week

The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-0850 MEDIUM PATCH This Month

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Outlook
NVD
CVSS 3.0
6.5
EPSS
5.1%
CVE-2018-7175 MEDIUM This Month

An issue was discovered in xpdf 4.00. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-7174 MEDIUM This Month

An issue was discovered in xpdf 4.00. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-7173 MEDIUM This Month

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-0761 MEDIUM PATCH This Month

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.0
5.5
EPSS
2.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy