Skip to main content
CVE-2018-11544 CRITICAL POC Act Now

The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Ftp Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-3744 CRITICAL POC Act Now

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Html Pages
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-1235 CRITICAL POC THREAT Act Now

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Command Injection Recoverpoint Recoverpoint For Virtual Machines
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
43.3%
CVE-2018-11536 CRITICAL POC Act Now

md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-11535 CRITICAL POC Act Now

An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Slac
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-11531 CRITICAL POC Act Now

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-11528 CRITICAL POC Act Now

WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11523 CRITICAL POC Act Now

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nvrmini 2 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
9.9%
CVE-2018-3745 CRITICAL POC PATCH Act Now

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Node.js Atob
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2018-11527 HIGH POC This Week

An issue was discovered in CScms v4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-3734 HIGH POC PATCH This Week

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Stattic
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-3733 HIGH POC PATCH This Week

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Crud File Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-11488 HIGH POC This Week

A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dtsearch
NVD GitHub
CVSS 3.0
7.5
EPSS
4.9%
CVE-2018-11027 MEDIUM POC This Month

A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icx7450 48 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11532 MEDIUM POC PATCH This Month

An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Changuondyu Advanced Statistics
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-11547 CRITICAL Act Now

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11546 CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11545 CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-10466 CRITICAL Act Now

Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2018-5241 CRITICAL Act Now

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Secure Gateway Symantec Proxysg
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-11549 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10751 MEDIUM POC This Month

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
8.7%
CVE-2018-11392 HIGH This Week

An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Php Login User Management
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-1241 HIGH This Week

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-6964 HIGH This Week

VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Horizon Client
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11548 HIGH This Week

An issue was discovered in EOS.IO DAWN 4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1375 HIGH PATCH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-1495 MEDIUM This Month

IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Denial Of Service Flashsystem 900 Firmware Flashsystem 840 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-1242 MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-1376 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1370 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1369 LOW PATCH Monitor

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
3.7
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy