Skip to main content
CVE-2018-10137 HIGH POC This Week

iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Uberforx
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3849 HIGH POC This Week

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio Fedora
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2018-3848 HIGH POC This Week

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio Fedora
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2018-3846 HIGH POC This Week

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio Fedora
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2018-10132 HIGH POC This Week

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Pbootcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10117 HIGH POC This Week

An issue was discovered in idreamsoft iCMS V7.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10114 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gegl
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-10112 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gegl
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-10070 HIGH POC THREAT This Week

A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Router Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.0%
CVE-2018-10122 HIGH POC This Week

QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Chanzhi
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-10113 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Generic Graphics Library
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-10111 HIGH POC This Week

An issue was discovered in GEGL through 0.3.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gegl
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-10172 HIGH This Week

7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft 7 Zip
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-10127 HIGH This Week

An issue was discovered in XYHCMS 3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0530 HIGH This Week

SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-0562 HIGH This Week

Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soundengine
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-0561 HIGH This Week

Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phishwall
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-10120 HIGH PATCH This Week

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Buffer Overflow Debian Linux Libreoffice +4
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-10119 HIGH PATCH This Week

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Libreoffice Debian Linux +4
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-9153 HIGH This Week

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload CSRF PHP Z Blogphp
NVD
CVSS 3.0
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy