Skip to main content
CVE-2018-7264 CRITICAL POC THREAT Act Now

The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Activepdf Toolkit
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.5%
CVE-2018-7477 CRITICAL POC Act Now

SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7554 CRITICAL POC Act Now

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-7553 CRITICAL POC Act Now

There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-7552 CRITICAL POC Act Now

There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-7551 CRITICAL POC Act Now

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-6641 CRITICAL POC Act Now

An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Mathtype
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2018-6640 CRITICAL POC Act Now

A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mathtype
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-6639 CRITICAL POC Act Now

An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mathtype
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2018-6638 CRITICAL POC Act Now

A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mathtype
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-6947 HIGH POC This Week

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Nomachine Windows 10 Windows 7 +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.1%
CVE-2018-7482 HIGH POC This Week

The K2 component 2.8.0 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP K2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-7569 MEDIUM POC This Month

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.5
EPSS
2.1%
CVE-2018-7568 MEDIUM POC This Month

The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-7556 CRITICAL Act Now

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Limesurvey Debian Linux
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2018-7469 MEDIUM POC This Month

PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Entrepreneur Job Portal Script
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1286 MEDIUM PATCH This Month

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Openmeetings
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-7557 MEDIUM PATCH This Month

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Ffmpeg Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2018-1304 MEDIUM PATCH This Month

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Tomcat Jboss Enterprise Application Platform Jboss Enterprise Web Server +7
NVD
CVSS 3.0
5.9
EPSS
17.4%
CVE-2018-7570 MEDIUM PATCH This Month

The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy