Skip to main content
CVE-2018-12292 CRITICAL POC Act Now

A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Pale Moon
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.2%
CVE-2018-12268 CRITICAL POC Act Now

acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Acccheck Pl
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-12265 HIGH POC This Week

Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-12264 HIGH POC This Week

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-10408 HIGH POC This Week

An issue was discovered in VirusTotal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Virustotal
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10406 HIGH POC PATCH This Week

An issue was discovered in Yelp OSXCollector. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osxcollector
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10405 HIGH POC This Week

An issue was discovered in Google Santa and molcodesignchecker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Santa
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10404 HIGH POC This Week

An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Knockknock Lulu Procinfo +2
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10403 HIGH POC This Week

An issue was discovered in F-Secure XFENCE and Little Flocker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Xfence
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-12019 HIGH POC This Week

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-12323 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Momentum Axel 720P Momentum Axel 720P Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-12040 MEDIUM POC This Month

Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symfony
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-11688 MEDIUM POC PATCH This Month

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD GitHub
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-12290 MEDIUM POC This Month

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yii2 Statemachine
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12273 MEDIUM POC This Month

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12272 MEDIUM POC This Month

xowl/request.php in Ximdex 4.0 has XSS via the content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12266 MEDIUM POC This Month

system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1121 MEDIUM POC This Month

procps-ng, procps is vulnerable to a process hiding through race condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Procps
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
4.2%
CVE-2018-5488 CRITICAL Act Now

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Santricity Storage Manager Santricity Web Services Proxy
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-11407 CRITICAL PATCH Act Now

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symfony
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-12339 MEDIUM POC This Month

ArticleCMS through 2017-02-19 has XSS via an "add an article" action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Articlecms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-12354 HIGH This Week

Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Knowage
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-11406 HIGH PATCH This Week

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Symfony Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-12263 HIGH This Week

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Portfoliocms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-0495 MEDIUM POC PATCH This Month

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Libgcrypt Ubuntu Linux Debian Linux Ansible Tower +4
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2018-11806 HIGH PATCH This Week

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Qemu Ubuntu Linux Openstack +8
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2018-11385 HIGH PATCH This Week

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Symfony Debian Linux Fedora
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-12321 HIGH PATCH This Week

There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Java Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-12320 HIGH PATCH This Week

There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Java Memory Corruption Denial Of Service Use After Free Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-1431 HIGH This Week

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure General Parallel File System Spectrum Scale
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10363 HIGH This Week

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Booking Calendar
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-7167 HIGH This Week

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2018-7164 HIGH This Week

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2018-7162 HIGH This Week

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2018-7161 HIGH PATCH This Week

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2018-12291 HIGH PATCH This Week

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5434 MEDIUM This Month

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Runtime Agent
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-5433 MEDIUM This Month

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Administrator
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-12271 MEDIUM This Month

An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Apple Dropbox
NVD GitHub
CVSS 3.0
6.4
EPSS
0.4%
CVE-2018-5242 MEDIUM This Month

Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Norton App Lock
NVD
CVSS 3.0
6.2
EPSS
0.4%
CVE-2018-12355 MEDIUM This Month

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knowage
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-12353 MEDIUM This Month

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knowage
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-11408 MEDIUM PATCH This Month

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Symfony Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-11386 MEDIUM PATCH This Month

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Symfony Debian Linux
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-10407 MEDIUM This Month

An issue was discovered in Carbon Black Cb Response. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Apple Carbon Black Cb
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-12322 MEDIUM PATCH This Month

There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-5432 MEDIUM This Month

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Administrator
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-7559 MEDIUM PATCH This Month

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Oracle Information Disclosure Ua Net Legacy Ua Netstandard
NVD GitHub
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-1393 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy