Skip to main content
CVE-2018-7665 CRITICAL POC THREAT Emergency

An issue was discovered in ClipBucket before 4.0.0 Release 4902. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Clipbucket
NVD
CVSS 3.0
9.8
EPSS
16.2%
CVE-2018-7667 CRITICAL POC PATCH Act Now

Adminer through 4.3.1 has SSRF via the server parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Adminer
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-7666 CRITICAL POC Act Now

An issue was discovered in ClipBucket before 4.0.0 Release 4902. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clipbucket
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-7664 CRITICAL POC Act Now

An issue was discovered in ClipBucket before 4.0.0 Release 4902. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Clipbucket
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-7714 HIGH POC This Week

The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-7713 HIGH POC This Week

The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-7712 HIGH POC This Week

The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opencv
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2018-0491 HIGH POC PATCH THREAT This Week

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Tor
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-1000115 HIGH POC PATCH THREAT This Week

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memcached Ubuntu Linux Debian Linux Openstack
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
88.4%
CVE-2018-7668 HIGH POC This Week

TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Testlink
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-7717 MEDIUM POC This Month

The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Image Gallery Extended
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7663 MEDIUM POC PATCH This Month

An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Voten
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7716 CRITICAL Act Now

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Privatevpn
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-7715 CRITICAL Act Now

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Apple Privatevpn
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-7493 CRITICAL Act Now

CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Cactusvpn
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5455 CRITICAL PATCH Act Now

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oncell G3110 Hspa Firmware Oncell G3110 Hspa T Firmware Oncell G3150 Hspa Firmware Oncell G3150 Hspa T Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-7711 HIGH PATCH This Week

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure PHP Simplesamlphp Saml2 +1
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-7698 HIGH This Week

An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure D-Link Mydlink
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2018-5453 HIGH PATCH This Week

An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oncell G3110 Hspa Firmware Oncell G3110 Hspa T Firmware Oncell G3150 Hspa Firmware Oncell G3150 Hspa T Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-0490 HIGH This Week

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tor Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-7644 HIGH PATCH This Week

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplesamlphp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1316 HIGH PATCH This Week

The ODE process deployment web service was sensible to deployment messages with forged names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Ode
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-5255 MEDIUM PATCH This Month

The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Eos
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-5449 MEDIUM This Month

A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Oncell G3150 Hspa T Firmware Oncell G3110 Hspa T Firmware Oncell G3150 Hspa Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy