Skip to main content
CVE-2018-10191 CRITICAL POC PATCH Act Now

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Mruby Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2018-7539 CRITICAL POC Act Now

On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Xc5000 Firmware Xc5100 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-10185 HIGH POC This Week

An issue was discovered in TuziCMS v2.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tuzicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-5430 HIGH POC KEV THREAT This Week

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jasperreports Server Jaspersoft Jaspersoft Reporting And Analytics
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
48.8%
CVE-2018-10183 MEDIUM POC This Month

An issue was discovered in BigTree 4.2.22. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bigtree Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10192 CRITICAL Act Now

IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Apple Ipvanish
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-6913 CRITICAL Act Now

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Debian Linux Perl +1
NVD
CVSS 3.0
9.8
EPSS
10.9%
CVE-2018-6797 CRITICAL PATCH Act Now

An issue was discovered in Perl 5.18 through 5.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Debian Linux Perl Ubuntu Linux +2
NVD
CVSS 3.0
9.8
EPSS
6.6%
CVE-2018-5190 CRITICAL Act Now

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Picturespro
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-10187 MEDIUM POC This Month

In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-10186 MEDIUM POC This Month

In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-10178 MEDIUM POC This Month

The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Fromdoctopdf
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-5429 HIGH This Week

A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jasperreports Server Jasperreports Library Jaspersoft Jaspersoft Reporting And Analytics +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-10190 HIGH This Week

A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Private Internet Access
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-8834 HIGH This Week

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cx Flnet Cx One Cx Programmer +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2018-7530 HIGH This Week

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Cx Flnet Cx One Cx Programmer +4
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-7514 HIGH This Week

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cx Flnet Cx One Cx Programmer +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2018-6798 HIGH This Week

An issue was discovered in Perl 5.22 through 5.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Debian Linux Perl Ubuntu Linux +2
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-10189 HIGH PATCH This Week

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mautic
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-8838 MEDIUM This Month

A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and. Rated medium severity (CVSS 6.5). No vendor patch available.

Information Disclosure B M9000 Cs B M9000 Vp Centum Cs 3000 Centum Vp +1
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-1371 MEDIUM This Month

An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-5431 MEDIUM This Month

The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jasperreports Server Jaspersoft Jaspersoft Reporting And Analytics
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1445 MEDIUM This Month

IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy