Skip to main content
CVE-2018-10653 CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.8%
CVE-2018-8898 CRITICAL POC THREAT Act Now

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 3782 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.3%
CVE-2018-1126 CRITICAL POC Act Now

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Procps Ng Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-11231 HIGH POC This Week

In the Divido plugin for OpenCart, there is SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Divido
NVD
CVSS 3.0
8.1
EPSS
9.1%
CVE-2018-7295 HIGH POC This Week

ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Final Fantasy Xiv
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2018-1124 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Privilege Escalation RCE Buffer Overflow Procps Ng +8
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-1125 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Buffer Overflow Stack Overflow Procps Ng Ubuntu Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-1123 HIGH POC PATCH This Week

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Denial Of Service Buffer Overflow Procps Ng Ubuntu Linux +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.1%
CVE-2018-11396 HIGH POC This Week

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epiphany
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1122 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Procps Ng Ubuntu Linux Debian Linux
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
1.3%
CVE-2018-10428 MEDIUM POC This Month

ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilias
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-10648 CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1309 CRITICAL PATCH Act Now

Apache NiFi External XML Entity issue in SplitXML processor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

RCE XXE Information Disclosure Apache Nifi
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-10357 HIGH This Week

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Path Traversal Endpoint Application Control
NVD
CVSS 3.0
8.8
EPSS
73.9%
CVE-2018-10356 HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-10354 HIGH This Week

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Command Injection Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
13.6%
CVE-2018-10352 HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-10351 HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-8176 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office For Mac
NVD
CVSS 3.0
8.8
EPSS
22.1%
CVE-2018-10654 HIGH This Week

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Citrix Deserialization Xenmobile Server
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-10650 HIGH This Week

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11334 HIGH This Week

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Windscribe
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10652 HIGH This Week

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1310 HIGH PATCH This Week

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Apache Nifi
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-10355 HIGH This Week

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. Rated high severity (CVSS 7.0). No vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD
CVSS 3.0
7.0
EPSS
0.6%
CVE-2018-10353 MEDIUM This Month

A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Information Disclosure Email Encryption Gateway
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-10651 MEDIUM This Month

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Open Redirect Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10649 MEDIUM This Month

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-6495 MEDIUM This Month

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Universal Cmdb Universal Cmdb Browser Cms Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-1193 MEDIUM This Month

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cf Deployment Routing Release
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy