Skip to main content
CVE-2018-1335 HIGH POC PATCH THREAT Act Now

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Apache Tika
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
94.0%
CVE-2018-10376 HIGH POC This Week

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Smartmesh
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5226 HIGH This Week

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1112 HIGH This Week

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glusterfs
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-8837 HIGH This Week

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Webaccess Hmi Designer
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-8835 HIGH This Week

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Webaccess Hmi Designer
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-8833 HIGH This Week

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2018-5486 HIGH This Week

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Authentication Bypass RCE Oncommand Unified Manager
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10361 HIGH This Week

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Ktexteditor
NVD
CVSS 3.0
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy