Skip to main content
CVE-2018-9032 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 850L Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
28.8%
CVE-2018-9092 HIGH POC This Week

There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Minicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-7700 HIGH POC THREAT This Week

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE PHP Dedecms
NVD
CVSS 3.0
8.8
EPSS
74.8%
CVE-2018-8764 HIGH POC This Week

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Debian Linux Ldap Account Manager
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-7195 HIGH POC This Week

Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Osticket
NVD VulDB
CVSS 3.0
8.1
EPSS
1.0%
CVE-2018-8718 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jenkins Mailer
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
6.8%
CVE-2018-9054 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9053 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9052 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9051 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9050 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9049 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9048 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9047 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9046 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9045 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9044 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9043 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9042 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9041 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9040 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-7196 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD VulDB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-7193 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD VulDB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-7192 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD VulDB
CVSS 3.0
6.1
EPSS
2.1%
CVE-2018-9039 MEDIUM POC This Month

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Octopus Deploy
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-8763 MEDIUM POC This Month

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux Ldap Account Manager
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-6882 MEDIUM POC KEV THREAT This Month

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
23.7%
CVE-2018-1237 CRITICAL Act Now

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Scaleio
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-9057 CRITICAL PATCH Act Now

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Information Disclosure Terraform
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-9056 MEDIUM POC This Month

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Information Disclosure Atom C Atom E Atom X3 Atom Z +205
NVD
CVSS 3.0
5.6
EPSS
0.7%
CVE-2018-9058 MEDIUM POC This Month

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-9055 MEDIUM POC This Month

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-7194 MEDIUM POC This Month

Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Osticket
NVD VulDB
CVSS 3.0
4.9
EPSS
1.3%
CVE-2018-9105 HIGH This Week

NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation RCE Apple Nordvpn
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-1231 HIGH This Week

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bosh Cli
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1267 HIGH This Week

Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Silk Release
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2018-1266 HIGH This Week

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Capi Release
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2018-6766 HIGH This Week

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Tvmediahelper
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-6765 HIGH This Week

Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Myswisscomassistant
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-1327 HIGH PATCH This Week

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
9.2%
CVE-2018-1238 HIGH This Week

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Command Injection Emc Scaleio
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1205 HIGH This Week

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Emc Scaleio
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-0739 MEDIUM PATCH This Month

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
19.3%
CVE-2018-8048 MEDIUM PATCH This Month

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Debian Linux Loofah
NVD GitHub
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-0733 MEDIUM This Month

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP OpenSSL Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
8.6%
CVE-2018-1091 MEDIUM PATCH This Month

In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-0202 MEDIUM PATCH This Month

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Cisco Clamav +2
NVD
CVSS 3.0
5.5
EPSS
2.7%
CVE-2018-0198 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy