Skip to main content
CVE-2018-1000116 CRITICAL POC Act Now

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Net Snmp Debian Linux
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-7739 CRITICAL POC THREAT Act Now

antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Antman
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
CVE-2018-7746 HIGH POC This Week

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Razor
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-7720 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Razor
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2018-7745 HIGH POC THREAT This Week

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Razor
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
12.5%
CVE-2018-7741 MEDIUM POC This Month

Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7721 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7753 CRITICAL PATCH Act Now

An issue was discovered in Bleach 2.1.x before 2.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bleach
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-7740 MEDIUM POC This Month

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Virtualization Host +5
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2017-12174 HIGH PATCH This Week

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Artemis Hornetq Jboss Enterprise Application Platform
NVD VulDB
CVSS 3.1
7.5
EPSS
7.4%
CVE-2018-7565 HIGH This Week

CSRF exists on Polycom QDX 6000 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Qdx 6000 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-1000118 HIGH PATCH This Week

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Electron
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-7752 HIGH PATCH This Week

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Gpac Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-7738 HIGH PATCH This Week

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Util Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-7204 HIGH PATCH This Week

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google WordPress Information Disclosure PHP File Manager
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-5452 HIGH This Week

A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Controlwave Micro Firmware
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-1054 HIGH PATCH This Week

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
4.8%
CVE-2018-1000117 MEDIUM PATCH This Month

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft RCE Python Privilege Escalation
NVD GitHub
CVSS 3.1
6.7
EPSS
1.1%
CVE-2018-7564 MEDIUM This Month

Stored XSS exists on Polycom QDX 6000 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qdx 6000 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-7473 MEDIUM This Month

Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Sowifi Hotspot Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-1000119 MEDIUM PATCH This Month

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

CSRF Rack Protection
NVD GitHub
CVSS 3.0
5.9
EPSS
2.5%
CVE-2018-7675 MEDIUM This Month

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Sentinel
NVD
CVSS 3.0
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy