Skip to main content
CVE-2018-1335 HIGH POC PATCH THREAT Act Now

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Apache Tika
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
94.0%
CVE-2018-10376 HIGH POC This Week

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Smartmesh
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-8801 MEDIUM POC This Month

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-10374 MEDIUM POC This Month

EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10366 MEDIUM POC PATCH This Month

An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS User
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-10375 CRITICAL Act Now

A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-10362 CRITICAL Act Now

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Phpliteadmin
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-10372 MEDIUM POC This Month

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Binutils Enterprise Linux Desktop +2
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-8716 MEDIUM POC THREAT This Month

WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Identity Server
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
39.3%
CVE-2018-10310 MEDIUM POC This Month

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Consent
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
3.9%
CVE-2018-5226 HIGH This Week

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1112 HIGH This Week

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glusterfs
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-10368 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-10367 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-8837 HIGH This Week

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Webaccess Hmi Designer
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-8835 HIGH This Week

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Webaccess Hmi Designer
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-8833 HIGH This Week

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2018-5486 HIGH This Week

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Authentication Bypass RCE Oncommand Unified Manager
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10361 HIGH This Week

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Ktexteditor
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9102 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mivoice Connect St 14 2
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-10373 MEDIUM This Month

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2018-9104 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect St 14 2
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-9103 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect St 14 2
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-9101 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect St 14 2
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-10208 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1339 MEDIUM PATCH This Month

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
5.5
EPSS
2.6%
CVE-2018-1338 MEDIUM PATCH This Month

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-10213 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10212 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10209 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10206 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1363 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-10211 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise File Sharing
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-10210 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise File Sharing
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-10207 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise File Sharing
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy