Skip to main content
CVE-2018-11419 CRITICAL POC Act Now

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11418 CRITICAL POC Act Now

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11410 CRITICAL POC Act Now

An issue was discovered in Liblouis 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Liblouis Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-11414 HIGH POC This Week

An issue was discovered in BearAdmin 0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bearadmin
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11405 HIGH POC This Week

Kliqqi 2.0.2 has CSRF in admin/admin_users.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Kliqqi Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000038 HIGH POC This Week

In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mupdf
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-11413 MEDIUM POC This Month

An issue was discovered in BearAdmin 0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Bearadmin
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-1000039 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Mupdf
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2018-11415 MEDIUM POC This Month

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Internet Transaction Server
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
8.3%
CVE-2018-11404 MEDIUM POC This Month

DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-11412 MEDIUM POC THREAT This Month

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +1
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
16.4%
CVE-2018-7518 CRITICAL Act Now

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scroll Medical Air Systems Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-8013 CRITICAL PATCH Act Now

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Batik Debian Linux Ubuntu Linux +18
NVD
CVSS 3.0
9.8
EPSS
19.5%
CVE-2018-5487 CRITICAL PATCH Act Now

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Oncommand Unified Manager
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-1000300 CRITICAL PATCH Act Now

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Curl Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-1000155 CRITICAL Act Now

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Openflow
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1000301 CRITICAL PATCH Act Now

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Debian Linux Ubuntu Linux +7
NVD VulDB
CVSS 3.1
9.1
EPSS
2.8%
CVE-2018-1000040 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-1000037 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2018-1000036 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-11403 MEDIUM POC This Month

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.8%
CVE-2018-7407 HIGH This Week

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-7406 HIGH This Week

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-5680 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-5679 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2018-5678 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2018-5677 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2018-5676 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-5675 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-5674 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2018-11416 HIGH This Week

jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jpegoptim
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-11332 MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-7904 HIGH This Week

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Huawei 1288H V5 Firmware 2288H V5 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-7903 HIGH This Week

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Huawei 1288H V5 Firmware 2288H V5 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-7902 HIGH This Week

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Huawei 1288H V5 Firmware 2288H V5 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-5485 HIGH PATCH This Week

NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Oncommand Unified Manager
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-7526 HIGH This Week

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scroll Medical Air Systems Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7942 HIGH This Week

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei 1288H V5 Firmware 2288H V5 Firmware 2488 V5 Firmware +4
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-11411 HIGH This Week

The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dimoncoin
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-11402 MEDIUM This Month

SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Kp1000 Firmware
NVD
CVSS 3.0
6.6
EPSS
0.2%
CVE-2018-9920 MEDIUM This Month

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartforms
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10595 MEDIUM This Month

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor). Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Database Manager Performa Reada
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-10593 MEDIUM This Month

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA,. Rated medium severity (CVSS 5.6). No vendor patch available.

Information Disclosure Database Manager Performa Reada
NVD
CVSS 3.0
5.6
EPSS
0.4%
CVE-2018-1000199 MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow Debian Linux Linux Kernel +8
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-11401 MEDIUM This Month

In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Bs1000 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-11400 MEDIUM This Month

In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Bs1000 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-11399 MEDIUM This Month

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Es1000 Firmware U9K Kr1 Firmware U9K Ms1000 Firmware U9K Wt1000 Firmware
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy