Skip to main content
CVE-2018-10996 CRITICAL POC Act Now

The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow D-Link Dir 629 B Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-11004 HIGH POC This Week

An issue was discovered in SDcms v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Sdcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11003 MEDIUM POC This Month

An issue was discovered in YXcms 1.4.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Yxcms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-10999 MEDIUM POC This Month

An issue was discovered in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-10998 MEDIUM POC This Month

An issue was discovered in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-11012 MEDIUM POC This Month

ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-11011 MEDIUM POC This Month

ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy