Skip to main content
CVE-2018-1000094 HIGH POC THREAT Act Now

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cms Made Simple
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
40.5%
CVE-2018-1000124 CRITICAL POC Act Now

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP I Librarian
NVD GitHub
CVSS 3.1
10.0
EPSS
1.8%
CVE-2018-7750 CRITICAL POC PATCH THREAT Act Now

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Paramiko Ansible Engine Cloudforms Virtualization +7
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
27.1%
CVE-2018-1000093 HIGH POC This Week

CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cryptonote
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-1000092 HIGH POC This Week

CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-1000091 HIGH POC This Week

KadNode version version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Kadnode
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-1000082 HIGH POC This Week

Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE Ajenti
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-1000126 HIGH POC This Week

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ajenti
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1000090 HIGH POC This Week

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Textpattern
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1000081 HIGH POC This Week

Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ajenti
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1000072 HIGH POC This Week

iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iredmail
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1000071 HIGH POC This Week

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webmail
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1000080 MEDIUM POC This Month

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ajenti
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-1000125 CRITICAL Act Now

inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prime Jwt
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000123 CRITICAL PATCH Act Now

Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Ios Keychain
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-6300 CRITICAL Act Now

Remote password change in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-6299 CRITICAL Act Now

Authentication bypass in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-6298 CRITICAL Act Now

Remote code execution in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-6297 CRITICAL Act Now

Buffer overflow in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-6295 CRITICAL Act Now

Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-6294 CRITICAL Act Now

Unsecured way of firmware update in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-1000076 CRITICAL PATCH Act Now

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Rubygems Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-1000069 MEDIUM POC This Month

FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Freeplane Debian Linux
NVD
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-1000084 MEDIUM POC This Month

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wolf Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-8078 MEDIUM POC This Month

YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1000083 MEDIUM POC This Month

Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ajenti
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1057 HIGH This Week

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Debian Linux Samba
NVD
CVSS 3.1
8.8
EPSS
10.3%
CVE-2018-1000087 MEDIUM POC This Month

WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create New File" and "Create New Directory" input box from 'files' Tab that can result in Session. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wolf Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-1000086 HIGH PATCH This Week

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF RCE Pym Js
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000070 HIGH PATCH This Week

Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Pybitmessage
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1000096 HIGH PATCH This Week

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tiny Json Http
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-1000074 HIGH PATCH This Week

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Rubygems
NVD GitHub
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-1000104 HIGH PATCH This Week

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Coverity
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000097 HIGH This Week

Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Ubuntu Linux Debian Linux Sharutils
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-1000127 HIGH PATCH This Week

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Memcached Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-1227 HIGH This Week

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concourse
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-6305 HIGH This Week

Denial of service in Gemalto's Sentinel LDK RTE version before 7.65. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sentinel Ldk Rte
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6304 HIGH This Week

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sentinel Ldk Rte
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-6303 HIGH This Week

Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6302 HIGH This Week

Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6301 HIGH This Week

Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1000075 HIGH PATCH This Week

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rubygems Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
4.8%
CVE-2018-1000073 HIGH PATCH This Week

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Rubygems
NVD GitHub
CVSS 3.0
7.5
EPSS
5.1%
CVE-2018-1000099 HIGH PATCH This Week

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Pjsip Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-1000098 HIGH This Week

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Pjsip Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-1000089 HIGH PATCH This Week

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Django Anymail
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2018-1000107 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Job And Node Ownership
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-7405 MEDIUM This Month

Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1000088 MEDIUM PATCH This Month

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Doorkeeper
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1000078 MEDIUM PATCH This Month

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rubygems Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
2.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy