Skip to main content
CVE-2018-1418 HIGH POC PATCH THREAT Act Now

IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass IBM RCE Qradar Security Information And Event Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.1%
CVE-2018-10429 CRITICAL POC Act Now

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cosmo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8072 HIGH POC PATCH This Week

An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Ic 3140W Firmware Ic 5150W Firmware Ic 6220Dc Firmware
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-10392 HIGH POC This Week

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libvorbis Debian Linux +4
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-3855 HIGH POC This Week

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Perceptive Document Filters
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2018-10425 HIGH POC This Week

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9113 HIGH POC This Week

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Microbetrace
NVD GitHub
CVSS 3.0
7.8
EPSS
4.1%
CVE-2018-8974 HIGH POC This Week

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Microbetrace
NVD GitHub
CVSS 3.0
7.8
EPSS
4.1%
CVE-2018-10431 HIGH POC This Week

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dir 615 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.7%
CVE-2018-10381 CRITICAL Act Now

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Tunnelbear
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-7465 MEDIUM POC This Month

An XSS issue was discovered in VirtueMart before 3.2.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtuemart
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.4%
CVE-2018-3851 HIGH This Week

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Perceptive Document Filters
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2018-3845 HIGH This Week

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Perceptive Document Filters
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-3844 HIGH This Week

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft RCE Use After Free Perceptive Document Filters
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-10430 MEDIUM POC This Month

An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dilicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-6518 MEDIUM POC This Month

Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Composr Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%
CVE-2018-10422 MEDIUM POC This Month

An issue was discovered in HongCMS 3.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hongcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10391 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-10393 HIGH This Week

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libvorbis Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-1074 HIGH This Week

ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Enterprise Virtualization
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-10424 LOW POC Monitor

mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Minicms
NVD GitHub
CVSS 3.0
2.7
EPSS
1.0%
CVE-2018-10423 LOW POC Monitor

mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Minicms
NVD GitHub
CVSS 3.0
2.7
EPSS
1.3%
CVE-2018-10237 MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service Guava Openshift Container Platform +15
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2018-7527 MEDIUM This Month

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Levistudio Hmi Editor Levistudiou Pi Studio Hmi Project Programmer
NVD
CVSS 3.0
5.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy