Skip to main content
CVE-2018-10123 HIGH POC THREAT This Week

p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iopsys Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.9%
CVE-2018-11206 HIGH POC This Week

An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.1
EPSS
2.9%
CVE-2018-11205 HIGH POC This Week

A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.1
EPSS
2.4%
CVE-2018-11209 HIGH POC This Week

An issue was discovered in Z-BlogPHP 2.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Z Blogphp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-10738 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10737 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10736 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10735 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-11214 MEDIUM POC This Month

An issue was discovered in libjpeg 9a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-11213 MEDIUM POC This Month

An issue was discovered in libjpeg 9a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-11212 MEDIUM POC PATCH This Month

An issue was discovered in libjpeg 9a and 9d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libjpeg Debian Linux Ubuntu Linux Oncommand Unified Manager +9
NVD GitHub
CVSS 3.0
6.5
EPSS
5.1%
CVE-2018-11207 MEDIUM POC This Month

A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-11204 MEDIUM POC This Month

A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-11203 MEDIUM POC This Month

A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-11202 MEDIUM POC This Month

A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-10241 MEDIUM POC This Month

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Serv U
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-8014 CRITICAL PATCH Act Now

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Tomcat Ubuntu Linux Debian Linux +5
NVD
CVSS 3.0
9.8
EPSS
22.0%
CVE-2018-11210 CRITICAL Act Now

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Tinyxml2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-10759 CRITICAL Act Now

PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Projectpier
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-11208 MEDIUM POC This Month

An issue was discovered in Z-BlogPHP 2.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Z Blogphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-10760 HIGH This Week

Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Projectpier
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-4850 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 400 Firmware Simatic S7 400H Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-5231 HIGH This Week

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Server
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-10240 HIGH This Week

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.0
7.3
EPSS
1.1%
CVE-2018-10810 MEDIUM This Month

chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1172 MEDIUM This Month

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Squid
NVD
CVSS 3.0
5.9
EPSS
8.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy