Skip to main content
CVE-2018-10054 HIGH POC PATCH THREAT Act Now

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Datomic H2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
35.0%
CVE-2018-10048 HIGH POC This Week

iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Eswap
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10031 HIGH POC This Week

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cms Made Simple
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10030 HIGH POC This Week

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cms Made Simple
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3888 HIGH POC This Week

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-3887 HIGH POC This Week

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-3886 HIGH POC This Week

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-10050 HIGH POC This Week

iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-0021 HIGH This Week

If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-8953 HIGH This Week

CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Workload Automation Ae
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-1100 HIGH PATCH This Week

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Zsh Ubuntu Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-0022 HIGH This Week

A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-0020 HIGH This Week

Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-0016 HIGH This Week

Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
4.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy