Skip to main content
CVE-2018-10685 CRITICAL POC Act Now

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Long Range Zip
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-9919 CRITICAL POC Act Now

A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Tp Shop
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-10676 CRITICAL POC Act Now

CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tbk Dvr4216 Firmware Tbk Dvr4104 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-6401 CRITICAL POC Act Now

Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mss110 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-10544 CRITICAL POC Act Now

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mss110 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-9302 CRITICAL POC Act Now

SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Cockpit
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
8.8%
CVE-2018-10577 HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.6%
CVE-2018-10677 HIGH POC PATCH This Week

The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-10115 HIGH POC This Week

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE 7 Zip
NVD
CVSS 3.0
7.8
EPSS
4.7%
CVE-2018-10642 HIGH POC This Week

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE PHP Itop
NVD GitHub
CVSS 3.0
7.2
EPSS
7.5%
CVE-2018-10680 MEDIUM POC This Month

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0258 CRITICAL Act Now

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal Cisco Prime Data Center Network Manager Prime Infrastructure
NVD
CVSS 3.0
9.8
EPSS
49.4%
CVE-2018-0253 CRITICAL Act Now

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Secure Access Control System
NVD
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-10578 CRITICAL Act Now

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Authentication Bypass Ap200 Firmware Ap102 Firmware Ap100 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-0264 CRITICAL Act Now

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Webex Business Suite 31 Webex Business Suite 32 Webex Meeting Server +1
NVD
CVSS 3.0
9.6
EPSS
3.2%
CVE-2018-0287 HIGH This Week

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Webex Meetings Online
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-1104 HIGH This Week

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ansible Tower Cloudforms
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-0252 HIGH This Week

A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
8.6
EPSS
2.5%
CVE-2018-0234 HIGH This Week

A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet Access Point Software
NVD
CVSS 3.0
8.6
EPSS
3.9%
CVE-2018-8115 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows Host Compute Service Shim
NVD
CVSS 3.0
8.6
EPSS
34.4%
CVE-2018-0262 HIGH This Week

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass RCE Cisco Meeting Server
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-10675 HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +8
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-10647 HIGH This Week

SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Safervpn
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10646 HIGH This Week

CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cyberghost
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10645 HIGH This Week

Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Vyprvpn
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-0226 HIGH This Week

A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Cisco Mobility Express Software
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-10657 HIGH PATCH This Week

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-5517 HIGH This Week

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5514 HIGH This Week

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-5512 HIGH This Week

On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-0235 HIGH This Week

A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2018-1101 HIGH This Week

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ansible Tower Cloudforms
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2018-0285 MEDIUM This Month

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Service Catalog
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-0278 MEDIUM This Month

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-8900 MEDIUM This Month

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sentinel Ldk Rte
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10568 MEDIUM This Month

XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Disksorter
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10567 MEDIUM This Month

XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vx Search
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10566 MEDIUM This Month

XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dupscout
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10565 MEDIUM This Month

XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Disksavvy
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10564 MEDIUM This Month

XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diskpulse
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10563 MEDIUM This Month

An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Syncbreeze
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10294 MEDIUM This Month

Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diskboss
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10665 MEDIUM PATCH This Month

ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0283 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
1.4%
CVE-2018-0281 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
1.4%
CVE-2018-5518 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-0288 MEDIUM This Month

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Online
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2018-0286 MEDIUM This Month

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
5.3
EPSS
3.3%
CVE-2018-0245 MEDIUM This Month

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Wireless Lan Controller Software
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2018-5519 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
4.9
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy