Skip to main content
CVE-2018-10594 CRITICAL POC THREAT Emergency

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Stack Overflow Commgr
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
69.0%
CVE-2018-10662 CRITICAL POC THREAT Emergency

An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
79.8%
CVE-2018-10661 CRITICAL POC THREAT Emergency

An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
86.7%
CVE-2018-10660 CRITICAL POC THREAT Emergency

An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

P1354 Firmware M1033 W Firmware A1001 Firmware A8004 V Firmware A8105 E Firmware +386
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
82.2%
CVE-2018-1000533 CRITICAL POC PATCH THREAT Act Now

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Gitlist
NVD GitHub
CVSS 3.1
9.8
EPSS
73.0%
CVE-2018-1000554 CRITICAL POC Act Now

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trovebox
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1000544 CRITICAL POC PATCH Act Now

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Rubyzip Debian Linux Cloudforms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2018-1000525 CRITICAL POC Act Now

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Information Disclosure RCE PHP Openpsa
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-12889 CRITICAL POC Act Now

An issue was discovered in CCN-lite 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ccn Lite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12900 HIGH POC THREAT This Week

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
25.2%
CVE-2018-12895 HIGH POC THREAT This Week

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Path Traversal PHP Debian Linux
NVD
CVSS 3.1
8.8
EPSS
62.6%
CVE-2018-1000600 HIGH POC PATCH THREAT This Week

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github
NVD
CVSS 3.0
8.8
EPSS
90.9%
CVE-2018-1000553 HIGH POC This Week

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Trovebox
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1000552 HIGH POC This Week

Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Trovebox
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000551 HIGH POC This Week

Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Trovebox
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-1000506 HIGH POC This Week

Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Metronet Tag Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000548 HIGH POC This Week

Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF Umlet
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000546 HIGH POC This Week

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF RCE Triplea
NVD GitHub
CVSS 3.0
7.8
EPSS
2.6%
CVE-2018-1000542 HIGH POC This Week

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF RCE Netbeans Mmd Plugin
NVD GitHub
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-1000540 HIGH POC This Week

LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF Loboevolution
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-3841 HIGH POC This Week

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Renderman
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-3840 HIGH POC This Week

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Renderman
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-3760 HIGH POC PATCH THREAT This Week

There is an information leak vulnerability in Sprockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cloudforms Enterprise Linux Sprockets Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
26.7%
CVE-2018-10664 HIGH POC This Week

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10663 HIGH POC This Week

An issue was discovered in multiple models of Axis IP Cameras. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10659 HIGH POC This Week

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A1001 Firmware A8004 V Firmware A8105 E Firmware +387
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-10658 HIGH POC This Week

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A1001 Firmware A8004 V Firmware A8105 E Firmware +387
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000535 HIGH POC This Week

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-1000526 HIGH POC This Week

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Openpsa
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-1000518 HIGH POC PATCH This Week

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Websockets
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-1000515 HIGH POC This Week

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE News Articles
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1000511 HIGH POC This Week

WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ulike
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-1000509 HIGH POC This Week

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Redirection
NVD
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-1000504 HIGH POC This Week

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Redirection
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2018-1000558 MEDIUM POC This Month

OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ocsinventory Ng
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000519 MEDIUM POC PATCH This Month

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Aiohttp Session
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2018-1000510 MEDIUM POC This Month

WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Denial Of Service Image Zoom
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000507 MEDIUM POC This Month

WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wp User Groups
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-1000505 MEDIUM POC This Month

Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tooltipy
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-12902 MEDIUM POC This Month

In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easymagazine
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1000559 MEDIUM POC PATCH This Month

qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Qutebrowser
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1000557 MEDIUM POC This Month

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ocsinventory Ng
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1000556 MEDIUM POC This Month

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1000543 MEDIUM POC This Month

Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Akiee
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-1000536 MEDIUM POC This Month

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis XSS RCE Medis
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-1000534 MEDIUM POC PATCH This Month

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Joplin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1000529 MEDIUM POC PATCH This Month

Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grails Fields
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-1000521 MEDIUM POC This Month

BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bigtree Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000512 MEDIUM POC This Month

Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tooltipy
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-4846 CRITICAL Act Now

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware Rapidpoint 500 Firmware Rapidlab 1200 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy