Skip to main content
CVE-2018-11032 CRITICAL POC Act Now

PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phprap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-11031 CRITICAL POC Act Now

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Phprap
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-11035 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11034 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Security Guard
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-11037 MEDIUM POC This Month

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-11091 CRITICAL Act Now

An issue was discovered in MyBiz MyProcureNet 5.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Myprocurenet
NVD VulDB
CVSS 3.1
9.9
EPSS
1.7%
CVE-2018-10994 MEDIUM POC PATCH This Month

js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Signal Desktop
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-5230 MEDIUM POC THREAT This Month

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
37.6%
CVE-2018-0568 HIGH This Week

Unrestricted file upload vulnerability in SiteBridge Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Joruri Gw
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-10252 HIGH This Week

An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Wcb6200Q Firmware
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-10990 HIGH This Week

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Arris Tg1682G Firmware
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2018-0580 HIGH This Week

Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Clip Studio Action Clip Studio Modeler Clip Studio Paint
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-11033 HIGH This Week

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Xpdf
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-0588 HIGH This Week

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal User Profile Membership
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-10989 MEDIUM This Month

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Arris Tg1682G Firmware
NVD
CVSS 3.1
6.6
EPSS
1.4%
CVE-2018-11090 MEDIUM This Month

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Myprocurenet
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0583 MEDIUM This Month

Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rt Ac1200Hp Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0582 MEDIUM This Month

Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rt Ac68U Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0581 MEDIUM This Month

Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rt Ac87U Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0579 MEDIUM This Month

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress XSS Open Graph For Facebook Google And Twitter Card Tags
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-0591 MEDIUM This Month

The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Apple Kinepass
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-10944 MEDIUM This Month

The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rasputin Online Coin
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-8843 MEDIUM This Month

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Denial Of Service Use After Free Arena
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-0585 MEDIUM This Month

Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-0578 MEDIUM This Month

Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Pixelyoursite
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-0577 MEDIUM This Month

Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS Wp Google Map
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2018-0576 MEDIUM This Month

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Events Manager
NVD
CVSS 3.0
5.4
EPSS
1.5%
CVE-2018-0590 MEDIUM This Month

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress User Profile Membership
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0589 MEDIUM This Month

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress User Profile Membership
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0587 MEDIUM This Month

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress User Profile Membership
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0586 MEDIUM This Month

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal User Profile Membership
NVD
CVSS 3.0
4.3
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy