Skip to main content
CVE-2018-9126 CRITICAL POC THREAT Act Now

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dnnarticle
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
50.2%
CVE-2018-9248 CRITICAL POC THREAT Act Now

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vdsl2 Modem Hg 150 Ub Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
15.3%
CVE-2018-9247 CRITICAL POC Act Now

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gxlcms Qy
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-9035 CRITICAL POC Act Now

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Contact Form 7 To Database Extension
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
7.7%
CVE-2018-0986 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Exchange Server +5
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
61.5%
CVE-2018-9305 HIGH POC This Week

In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-9205 HIGH POC THREAT This Week

Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Avatar Uploader
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
56.9%
CVE-2018-9274 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-9273 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-9272 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-9271 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-9270 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-9269 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-9268 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-9267 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9266 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-9265 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-9264 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-9263 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-9262 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9261 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-9260 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-9259 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9258 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-9257 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-9256 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9304 MEDIUM POC This Month

In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-9303 MEDIUM POC This Month

In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-8814 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-9252 MEDIUM POC This Month

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-9307 MEDIUM POC This Month

dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dsmall
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-9238 MEDIUM POC This Month

proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yahei Php Prober
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-9235 MEDIUM POC This Month

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sonicbb
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-9285 CRITICAL Act Now

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac66U Firmware Rt Ac68U Firmware Rt Ac86U Firmware Rt Ac88U Firmware +7
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-9284 CRITICAL PATCH Act Now

authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow D-Link Singapore Starhub Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2018-1469 CRITICAL PATCH Act Now

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-6873 CRITICAL Act Now

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Auth0 Js
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-9249 CRITICAL Act Now

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vdsl2 Modem Hg 150 Ub Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
6.3%
CVE-2018-9034 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Relevanssi
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.0%
CVE-2018-9237 MEDIUM POC This Month

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycreate
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-9236 MEDIUM POC This Month

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycreate
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-9115 MEDIUM POC This Month

Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sitaware
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
6.0%
CVE-2018-8719 MEDIUM POC THREAT This Month

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress Information Disclosure Wp Security Audit Log
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
15.8%
CVE-2018-9251 MEDIUM POC This Month

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Libxml2 Debian Linux
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-1002150 CRITICAL PATCH Act Now

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Koji
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2018-1097 HIGH This Week

A flaw was found in foreman before 1.16.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman Satellite
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-6874 HIGH PATCH This Week

CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auth0 Js
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-8813 MEDIUM POC This Month

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.4%
CVE-2018-9275 HIGH PATCH This Week

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Yubico Pam
NVD GitHub
CVSS 3.0
8.2
EPSS
1.5%
CVE-2018-1082 HIGH PATCH This Week

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Moodle
NVD
CVSS 3.0
8.1
EPSS
2.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy