Skip to main content
CVE-2018-7746 HIGH POC This Week

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Razor
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-7720 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Razor
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2018-7745 HIGH POC THREAT This Week

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Razor
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
12.5%
CVE-2017-12174 HIGH PATCH This Week

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Artemis Hornetq Jboss Enterprise Application Platform
NVD VulDB
CVSS 3.1
7.5
EPSS
7.4%
CVE-2018-7565 HIGH This Week

CSRF exists on Polycom QDX 6000 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Qdx 6000 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-1000118 HIGH PATCH This Week

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Electron
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-7752 HIGH PATCH This Week

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Gpac Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-7738 HIGH PATCH This Week

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Util Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-7204 HIGH PATCH This Week

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google WordPress Information Disclosure PHP File Manager
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-5452 HIGH This Week

A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Controlwave Micro Firmware
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-1054 HIGH PATCH This Week

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
4.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy