Skip to main content
CVE-2018-1000094 HIGH POC THREAT Act Now

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cms Made Simple
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
40.5%
CVE-2018-1000093 HIGH POC This Week

CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cryptonote
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-1000092 HIGH POC This Week

CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-1000091 HIGH POC This Week

KadNode version version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Kadnode
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-1000082 HIGH POC This Week

Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE Ajenti
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-1000126 HIGH POC This Week

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ajenti
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1000090 HIGH POC This Week

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Textpattern
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1000081 HIGH POC This Week

Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ajenti
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1000072 HIGH POC This Week

iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iredmail
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1000071 HIGH POC This Week

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webmail
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1057 HIGH This Week

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Debian Linux Samba
NVD
CVSS 3.1
8.8
EPSS
10.3%
CVE-2018-1000086 HIGH PATCH This Week

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery (CSRF) vulnerability in Pym.js _onNavigateToMessage function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF RCE Pym Js
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000070 HIGH PATCH This Week

Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Pybitmessage
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1000096 HIGH PATCH This Week

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tiny Json Http
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-1000074 HIGH PATCH This Week

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Rubygems
NVD GitHub
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-1000104 HIGH PATCH This Week

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Coverity
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000097 HIGH This Week

Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Ubuntu Linux Debian Linux Sharutils
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-1000127 HIGH PATCH This Week

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Memcached Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-1227 HIGH This Week

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concourse
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-6305 HIGH This Week

Denial of service in Gemalto's Sentinel LDK RTE version before 7.65. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sentinel Ldk Rte
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6304 HIGH This Week

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sentinel Ldk Rte
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-6303 HIGH This Week

Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6302 HIGH This Week

Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6301 HIGH This Week

Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1000075 HIGH PATCH This Week

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rubygems Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
4.8%
CVE-2018-1000073 HIGH PATCH This Week

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Rubygems
NVD GitHub
CVSS 3.0
7.5
EPSS
5.1%
CVE-2018-1000099 HIGH PATCH This Week

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Pjsip Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-1000098 HIGH This Week

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Pjsip Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-1000089 HIGH PATCH This Week

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Django Anymail
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy