Skip to main content
CVE-2018-11586 CRITICAL POC THREAT Act Now

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Searchblox
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
15.2%
CVE-2018-11743 CRITICAL POC PATCH Act Now

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Mruby Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2018-11722 CRITICAL POC Act Now

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-11678 CRITICAL POC Act Now

plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Monstra Cms
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-11736 CRITICAL POC Act Now

An issue was discovered in Pluck before 4.7.7-dev2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
8.6%
CVE-2018-10058 HIGH POC This Week

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cgminer Bfgminer
NVD GitHub
CVSS 3.0
8.8
EPSS
3.9%
CVE-2018-11740 HIGH POC This Week

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-11739 HIGH POC This Week

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-11738 HIGH POC This Week

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-11737 HIGH POC This Week

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-10966 HIGH POC PATCH This Week

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gamerpolls
NVD GitHub
CVSS 3.0
7.3
EPSS
1.6%
CVE-2018-10813 HIGH POC This Week

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Dedos Web
NVD GitHub
CVSS 3.0
7.3
EPSS
1.1%
CVE-2018-10057 MEDIUM POC This Month

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bfgminer Cgminer
NVD GitHub
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-11554 CRITICAL Act Now

The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Yzmcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000189 HIGH PATCH This Week

A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Absint Astree
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-7943 HIGH This Week

There is an authentication bypass vulnerability in some Huawei servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Huawei 1288H V5 Firmware 2288H V5 Firmware 2488 V5 Firmware +17
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1252 HIGH This Week

RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Web Threat Detection
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-10597 HIGH This Week

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Intellivue Mp2 Firmware Intellivue X2 Firmware Intellivue Mp30 Firmware Intellivue Mp50 Firmware +14
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2018-10601 HIGH This Week

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon. Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Intellivue Mp2 Firmware Intellivue X2 Firmware Intellivue Mp30 Firmware +15
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2018-1000197 HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Black Duck Hub
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-1000194 HIGH PATCH This Week

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Path Traversal Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-7884 HIGH This Week

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Core Software Cleaner
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-6662 HIGH This Week

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Management Of Native Encryption
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-1000181 HIGH This Week

Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kitura
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000180 HIGH PATCH This Week

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bc Java Fips Java Api Debian Linux Api Gateway +16
NVD GitHub
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-1000198 MEDIUM PATCH This Month

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XXE Black Duck Hub
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000196 MEDIUM This Month

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure Gitlab Hook
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1000191 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Synopsys Detect
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000190 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Black Duck Hub
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000187 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1000186 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github Pull Request Builder
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000183 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1332 MEDIUM PATCH This Month

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Storm
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-1000182 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Git
NVD
CVSS 3.0
6.4
EPSS
0.8%
CVE-2018-1432 MEDIUM This Month

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11735 MEDIUM This Month

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1454 MEDIUM This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-8008 MEDIUM PATCH This Month

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Storm
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-1000200 MEDIUM PATCH This Month

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1000202 MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Groovy Postbuild
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000188 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Cas
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1000184 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Github
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-8924 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Synology Office
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-8923 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology File Station
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-10599 MEDIUM This Month

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Intellivue Mp2 Firmware Intellivue X2 Firmware Intellivue Mp30 Firmware Intellivue Mp50 Firmware +14
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-3691 MEDIUM This Month

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. Rated medium severity (CVSS 4.7). No vendor patch available.

Intel Information Disclosure Integrated Performance Primitives Cryptography
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-1000195 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Java CSRF Jenkins SSRF Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2018-1000193 MEDIUM PATCH This Month

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2018-1000192 MEDIUM PATCH This Month

A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2018-1000185 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Github Branch Source
NVD
CVSS 3.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy