Skip to main content
CVE-2018-1218 HIGH POC THREAT This Week

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Buffer Overflow Emc Networker
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.0%
CVE-2018-7422 HIGH POC THREAT This Week

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Site Editor
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
63.1%
CVE-2018-1195 HIGH This Week

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment Cf Release
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2018-1197 HIGH This Week

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Microsoft Information Disclosure Windows Stemcells
NVD
CVSS 3.0
8.5
EPSS
0.6%
CVE-2018-1221 HIGH This Week

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cf Deployment Routing Release
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2018-7262 HIGH This Week

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ceph Fedora
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-8761 HIGH This Week

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Yxcms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-6843 HIGH This Week

Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xperience
NVD GitHub
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-1171 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. Rated high severity (CVSS 7.0). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Smartos Solaris
NVD
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy