Skip to main content
CVE-2018-11231 HIGH POC This Week

In the Divido plugin for OpenCart, there is SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Divido
NVD
CVSS 3.0
8.1
EPSS
9.1%
CVE-2018-7295 HIGH POC This Week

ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Final Fantasy Xiv
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2018-1124 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Privilege Escalation RCE Buffer Overflow Procps Ng +8
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-1125 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Buffer Overflow Stack Overflow Procps Ng Ubuntu Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-1123 HIGH POC PATCH This Week

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Denial Of Service Buffer Overflow Procps Ng Ubuntu Linux +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.1%
CVE-2018-11396 HIGH POC This Week

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epiphany
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1122 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Procps Ng Ubuntu Linux Debian Linux
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
1.3%
CVE-2018-10357 HIGH This Week

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Path Traversal Endpoint Application Control
NVD
CVSS 3.0
8.8
EPSS
73.9%
CVE-2018-10356 HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-10354 HIGH This Week

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Command Injection Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
13.6%
CVE-2018-10352 HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-10351 HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-8176 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office For Mac
NVD
CVSS 3.0
8.8
EPSS
22.1%
CVE-2018-10654 HIGH This Week

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Citrix Deserialization Xenmobile Server
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-10650 HIGH This Week

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11334 HIGH This Week

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Windscribe
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10652 HIGH This Week

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1310 HIGH PATCH This Week

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Apache Nifi
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-10355 HIGH This Week

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. Rated high severity (CVSS 7.0). No vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD
CVSS 3.0
7.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy