Skip to main content
CVE-2018-3839 HIGH POC This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Sdl Image Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-9037 HIGH POC This Week

Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-9934 HIGH POC This Week

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Metinfo
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-9927 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9926 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-9923 HIGH POC This Week

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-9918 HIGH POC PATCH This Week

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qpdf Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-2413 HIGH This Week

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Disclosure Management
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-2412 HIGH This Week

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Disclosure Management
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-2409 HIGH This Week

Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure SAP Cloud Platform
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-9988 HIGH PATCH This Week

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Mbed Tls Debian Linux
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2018-9989 HIGH PATCH This Week

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Mbed Tls Debian Linux
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2018-2408 HIGH This Week

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure SAP Businessobjects
NVD
CVSS 3.0
7.3
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy