Skip to main content
CVE-2018-9995 CRITICAL POC THREAT Act Now

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tbk Dvr4216 Firmware Tbk Dvr4104 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
83.2%
CVE-2018-9924 CRITICAL POC Act Now

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-3839 HIGH POC This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Sdl Image Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-9037 HIGH POC This Week

Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-9934 HIGH POC This Week

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Metinfo
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-9927 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9926 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-9923 HIGH POC This Week

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-9918 HIGH POC PATCH This Week

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qpdf Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-3838 MEDIUM POC This Month

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sdl Image Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-9038 MEDIUM POC This Month

Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
9.8%
CVE-2018-9985 MEDIUM POC This Month

The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8772 MEDIUM POC This Month

Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt3052 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-2404 CRITICAL Act Now

SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-9996 MEDIUM POC This Month

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-3837 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sdl Image Debian Linux Starwind Virtual San
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-9925 MEDIUM POC This Month

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9922 MEDIUM POC This Month

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Icms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-9993 MEDIUM POC This Month

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-2413 HIGH This Week

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Disclosure Management
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-2412 HIGH This Week

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Disclosure Management
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-2409 HIGH This Week

Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure SAP Cloud Platform
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-9988 HIGH PATCH This Week

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Mbed Tls Debian Linux
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2018-9989 HIGH PATCH This Week

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Mbed Tls Debian Linux
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2018-2408 HIGH This Week

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure SAP Businessobjects
NVD
CVSS 3.0
7.3
EPSS
1.6%
CVE-2018-9840 MEDIUM PATCH This Month

The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Apple Signal
NVD GitHub
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-2403 MEDIUM This Month

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Disclosure Management
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-9928 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2410 MEDIUM This Month

SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Business One
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-2405 MEDIUM This Month

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Solution Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-2406 MEDIUM This Month

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Path Traversal Crystal Reports Server
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-5227 MEDIUM This Month

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian XSS Application Links
NVD
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy