Skip to main content
CVE-2018-3758 HIGH POC PATCH THREAT This Week

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Express Cart
NVD
CVSS 3.1
8.8
EPSS
27.5%
CVE-2018-3723 HIGH POC PATCH This Week

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Defaults Deep
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-3722 HIGH POC PATCH This Week

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Merge Deep
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-3720 HIGH POC PATCH This Week

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Assign Deep
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-3719 HIGH POC PATCH This Week

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mixin Deep
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2018-10619 HIGH POC This Week

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Rslinx Classic Factorytalk Linx Gateway
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.8%
CVE-2018-12036 HIGH POC PATCH This Week

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dependency Check
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-12042 HIGH POC This Week

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Roxy Fileman
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-12016 HIGH POC This Week

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epiphany
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-12015 HIGH POC PATCH This Week

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ubuntu Linux Debian Linux Perl Mac Os X +4
NVD
CVSS 3.0
7.5
EPSS
7.3%
CVE-2018-0296 HIGH POC KEV THREAT This Week

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
99.9%
CVE-2018-3737 HIGH POC PATCH This Week

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sshpk
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-3732 HIGH POC PATCH This Week

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Resolve Path
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-3731 HIGH POC PATCH This Week

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Public Js
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3730 HIGH POC This Week

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mcstatic
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3729 HIGH POC PATCH This Week

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Localhost Now
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3727 HIGH POC This Week

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal 626
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3725 HIGH POC PATCH This Week

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hekto
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3724 HIGH POC This Week

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal General File Server
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-3711 HIGH POC PATCH This Week

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastify
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-0336 HIGH This Week

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Prime Collaboration
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1514 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0322 HIGH This Week

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0317 HIGH This Week

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0274 HIGH This Week

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cisco Network Services Orchestrator
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2018-0338 HIGH This Week

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-0335 HIGH This Week

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Prime Collaboration
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1547 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Microsoft IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.7
EPSS
2.2%
CVE-2018-0332 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Ip Phone Firmware Ip Phone Firmware
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-0353 HIGH This Week

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Web Security Appliance
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-0316 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Phone Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-0263 HIGH This Week

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Meeting Server
NVD
CVSS 3.1
7.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy