Skip to main content
CVE-2018-7573 CRITICAL POC THREAT Emergency

An issue was discovered in FTPShell Client 6.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Ftpshell Client
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
69.7%
CVE-2018-7584 CRITICAL POC PATCH THREAT Act Now

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Ubuntu Linux Debian Linux
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
87.6%
CVE-2018-7561 CRITICAL POC Act Now

Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Tenda Ac9 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-7634 HIGH POC PATCH This Week

An issue was discovered in Enalean Tuleap 9.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Tuleap
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-7589 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-7588 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-7587 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-7579 HIGH POC This Week

\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Yzmcms
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-2380 MEDIUM POC KEV THREAT This Month

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory". Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Path Traversal Customer Relationship Management
NVD GitHub Exploit-DB
CVSS 3.1
6.6
EPSS
28.9%
CVE-2018-7047 CRITICAL Act Now

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Streaming Engine
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-2368 CRITICAL Act Now

SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver System Landscape Directory
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-7590 HIGH This Week

CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hoosk
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-7550 HIGH PATCH This Week

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Buffer Overflow Qemu Debian Linux +7
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2018-2367 HIGH This Week

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Business Application Software Integrated Solution
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-7586 HIGH This Week

In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal Nextgen Gallery
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-7048 HIGH This Week

An issue was discovered in Wowza Streaming Engine before 4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Streaming Engine
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-5314 HIGH This Week

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Command Injection Netscaler Application Delivery Controller Netscaler Gateway +1
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-7049 MEDIUM This Month

An issue was discovered in Wowza Streaming Engine before 4.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Streaming Engine
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-2365 MEDIUM This Month

SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Portal
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-5501 MEDIUM This Month

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-5500 MEDIUM This Month

On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-6653 MEDIUM This Month

comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Swap
NVD
CVSS 3.0
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy