Skip to main content
CVE-2018-3728 HIGH POC PATCH This Week

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Hoek
NVD GitHub
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-9135 HIGH POC This Week

In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-9144 HIGH POC This Week

In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
8.1
EPSS
1.9%
CVE-2018-5708 HIGH POC This Week

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 601 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
6.3%
CVE-2018-7171 HIGH POC THREAT This Week

Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Twonky Server
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
28.7%
CVE-2018-9134 HIGH This Week

file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF RCE PHP Dedecms
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-7566 HIGH PATCH This Week

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Buffer Overflow Linux Kernel Linux Enterprise Module For Public Cloud Linux Enterprise Server +9
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-9141 HIGH This Week

On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Samsung Mobile
NVD
CVSS 3.0
7.8
EPSS
2.4%
CVE-2018-1232 HIGH This Week

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apache Buffer Overflow Authentication Agent For Web
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-3740 HIGH PATCH This Week

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-9142 HIGH This Week

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Samsung Samsung Mobile
NVD
CVSS 3.0
7.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy