Skip to main content
CVE-2018-12519 HIGH POC This Week

An issue was discovered in ShopNx through 2017-11-17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Node.js Shopnx
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.9%
CVE-2018-12293 HIGH POC PATCH THREAT This Week

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Apple Ubuntu Linux Webkitgtk +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-12582 HIGH POC This Week

An issue was discovered in AKCMS 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Akcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11526 HIGH POC This Week

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Wordpress Comments Import And Export
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.2%
CVE-2018-11525 HIGH POC This Week

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Advanced Order Export For Woocommerce
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.2%
CVE-2018-10945 HIGH POC This Week

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Mongoose
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-8727 HIGH POC This Week

Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dvms Workstation
NVD
CVSS 3.0
7.5
EPSS
7.8%
CVE-2018-12294 HIGH This Week

WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Apple Webkitgtk
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11726 HIGH This Week

The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libmobi
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11724 HIGH This Week

The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libmobi
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-11116 HIGH This Week

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Openwrt
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-12565 HIGH PATCH This Week

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2018-12561 HIGH PATCH This Week

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Cantata
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-12559 HIGH PATCH This Week

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cantata
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-10811 HIGH PATCH This Week

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Strongswan Debian Linux Ubuntu Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
7.1%
CVE-2018-1061 HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux Ansible Tower Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.5
EPSS
5.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy