Skip to main content
CVE-2018-10133 CRITICAL POC Act Now

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Pbootcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-10106 CRITICAL POC Act Now

D-Link DIR-815 REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-10137 HIGH POC This Week

iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Uberforx
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3849 HIGH POC This Week

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio Fedora
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2018-3848 HIGH POC This Week

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio Fedora
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2018-3846 HIGH POC This Week

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio Fedora
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2018-10132 HIGH POC This Week

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Pbootcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10117 HIGH POC This Week

An issue was discovered in idreamsoft iCMS V7.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10114 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gegl
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-10112 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gegl
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-10070 HIGH POC THREAT This Week

A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Router Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.0%
CVE-2018-10122 HIGH POC This Week

QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Chanzhi
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-10113 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Generic Graphics Library
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-10111 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gegl
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-10177 MEDIUM POC This Month

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-10138 MEDIUM POC This Month

The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netstore
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10136 MEDIUM POC This Month

iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uberforx
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10135 MEDIUM POC This Month

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10108 MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10107 MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10097 MEDIUM POC This Month

XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domain Trader
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-10170 CRITICAL Act Now

NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Nordvpn
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-10169 CRITICAL Act Now

ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Protonvpn
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-10124 MEDIUM POC PATCH This Month

The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-10172 HIGH This Week

7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft 7 Zip
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-10127 HIGH This Week

An issue was discovered in XYHCMS 3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0530 HIGH This Week

SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-10121 MEDIUM POC This Month

plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-10118 MEDIUM POC This Month

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2018-10109 MEDIUM POC This Month

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monstra
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.2%
CVE-2018-0562 HIGH This Week

Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soundengine
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-0561 HIGH This Week

Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phishwall
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-10120 HIGH PATCH This Week

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Buffer Overflow Debian Linux Libreoffice +4
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-10119 HIGH PATCH This Week

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Libreoffice Debian Linux +4
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-9153 HIGH This Week

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload CSRF PHP Z Blogphp
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-0560 MEDIUM This Month

Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Hatena Bookmark
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-10128 MEDIUM This Month

An issue was discovered in XYHCMS 3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Xyhcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10102 MEDIUM PATCH This Month

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-10101 MEDIUM PATCH This Month

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

WordPress Open Redirect Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
3.3%
CVE-2018-10100 MEDIUM PATCH This Month

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

WordPress Open Redirect Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
3.4%
CVE-2018-0737 MEDIUM This Month

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
12.0%
CVE-2018-0551 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0549 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000170 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1000169 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-0533 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.9
EPSS
1.4%
CVE-2018-9169 MEDIUM This Month

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS PHP Z Blogphp
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-5382 MEDIUM PATCH This Month

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bc Java Satellite Satellite Capsule
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2018-0550 MEDIUM This Month

Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-0548 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy