Skip to main content
CVE-2018-11479 HIGH POC Act Now

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Windscribe
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
9.9%
CVE-2018-11444 CRITICAL POC Act Now

A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Easyservice Billing
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-11470 HIGH POC This Week

iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11445 HIGH POC This Week

A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easyservice Billing
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-11442 HIGH POC This Week

A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easyservice Billing
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1133 HIGH POC PATCH THREAT This Week

An issue was discovered in Moodle 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Moodle
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
32.2%
CVE-2018-6237 HIGH POC This Week

A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Denial Of Service Smart Protection Server
NVD
CVSS 3.0
7.5
EPSS
6.4%
CVE-2018-11473 MEDIUM POC This Month

Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-11443 MEDIUM POC This Month

The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easyservice Billing
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.7%
CVE-2018-9091 CRITICAL PATCH Act Now

A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Loadmaster Operating System
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-8871 CRITICAL Act Now

In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Tpeditor
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-11468 MEDIUM POC This Month

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Discount Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-11471 MEDIUM POC This Month

Cockpit 0.5.5 has XSS via a collection, form, or region. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cockpit
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10350 HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE PHP Smart Protection Server
NVD
CVSS 3.0
8.8
EPSS
15.2%
CVE-2018-6664 HIGH This Week

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jwt Attack Data Loss Prevention Endpoint
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-11440 HIGH This Week

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Liblouis Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-1137 HIGH PATCH This Week

An issue was discovered in Moodle 3.x. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-11475 HIGH This Week

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Monstra
NVD GitHub
CVSS 3.0
8.0
EPSS
1.1%
CVE-2018-11474 HIGH This Week

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure PHP Monstra
NVD GitHub
CVSS 3.0
8.0
EPSS
1.1%
CVE-2018-6235 HIGH This Week

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Trend Micro Antivirus +3
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6233 HIGH This Week

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6232 HIGH This Week

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1565 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Buffer Overflow Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1544 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Buffer Overflow Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1488 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Buffer Overflow RCE Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1459 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Buffer Overflow Microsoft RCE Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1467 HIGH This Week

The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize Unified V7000 Software
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-6236 HIGH This Week

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Trend Micro Privilege Escalation Antivirus Internet Security +2
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-1515 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Microsoft IBM Buffer Overflow Db2
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-1135 MEDIUM PATCH This Month

An issue was discovered in Moodle 3.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1134 MEDIUM PATCH This Month

An issue was discovered in Moodle 3.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Moodle
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-11472 MEDIUM This Month

Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-11469 MEDIUM This Month

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Haproxy Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-6234 MEDIUM This Month

An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-1452 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1451 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1450 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1449 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1136 MEDIUM PATCH This Month

An issue was discovered in Moodle 3.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Moodle
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-6674 LOW Monitor

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Virusscan Enterprise
NVD
CVSS 3.0
3.9
EPSS
0.2%
CVE-2018-8864 LOW Monitor

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Hpss16 Firmware Hpss32 Firmware Mhpss Firmware Alert4000 Firmware
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2018-8862 LOW Monitor

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Hpss16 Firmware Hpss32 Firmware Mhpss Firmware Alert4000 Firmware
NVD
CVSS 3.0
3.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy