Skip to main content
CVE-2018-6411 CRITICAL POC Act Now

An issue was discovered in Appnitro MachForm before 4.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi File Upload Machform
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.9%
CVE-2018-6410 CRITICAL POC Act Now

An issue was discovered in Appnitro MachForm before 4.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Machform
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.0%
CVE-2018-11501 HIGH POC This Week

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Website Seller Script
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11500 HIGH POC This Week

An issue was discovered in PublicCMS V4.0.20180210. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Publiccms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11493 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-11489 HIGH POC This Week

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Giflib Sam2P
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-11494 HIGH POC This Week

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Path Traversal Opencart
NVD
CVSS 3.0
8.0
EPSS
2.4%
CVE-2018-11505 HIGH POC This Week

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Werewolf Online
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.2%
CVE-2018-11496 MEDIUM POC This Month

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2018-11499 CRITICAL Act Now

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Libsass
NVD GitHub
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-6409 MEDIUM POC THREAT This Month

An issue was discovered in Appnitro MachForm before 4.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Machform
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
14.8%
CVE-2018-11495 MEDIUM POC This Month

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Opencart
NVD
CVSS 3.0
4.9
EPSS
1.7%
CVE-2018-11490 HIGH This Week

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Giflib Sam2P Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2018-11498 HIGH This Week

In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Lizard Lz5
NVD GitHub
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-11487 MEDIUM This Month

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11504 MEDIUM This Month

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Discount Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-11503 MEDIUM This Month

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Discount Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy