Skip to main content
CVE-2018-12900 HIGH POC THREAT This Week

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
25.2%
CVE-2018-12895 HIGH POC THREAT This Week

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Path Traversal PHP Debian Linux
NVD
CVSS 3.1
8.8
EPSS
62.6%
CVE-2018-1000600 HIGH POC PATCH THREAT This Week

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github
NVD
CVSS 3.0
8.8
EPSS
90.9%
CVE-2018-1000553 HIGH POC This Week

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Trovebox
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1000552 HIGH POC This Week

Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Trovebox
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000551 HIGH POC This Week

Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Trovebox
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-1000506 HIGH POC This Week

Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Metronet Tag Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000548 HIGH POC This Week

Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF Umlet
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000546 HIGH POC This Week

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF RCE Triplea
NVD GitHub
CVSS 3.0
7.8
EPSS
2.6%
CVE-2018-1000542 HIGH POC This Week

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure XXE SSRF RCE Netbeans Mmd Plugin
NVD GitHub
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-1000540 HIGH POC This Week

LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE SSRF Loboevolution
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-3841 HIGH POC This Week

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Renderman
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-3840 HIGH POC This Week

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Renderman
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-3760 HIGH POC PATCH THREAT This Week

There is an information leak vulnerability in Sprockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cloudforms Enterprise Linux Sprockets Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
26.7%
CVE-2018-10664 HIGH POC This Week

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10663 HIGH POC This Week

An issue was discovered in multiple models of Axis IP Cameras. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10659 HIGH POC This Week

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A1001 Firmware A8004 V Firmware A8105 E Firmware +387
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-10658 HIGH POC This Week

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow A1001 Firmware A8004 V Firmware A8105 E Firmware +387
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000535 HIGH POC This Week

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-1000526 HIGH POC This Week

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Openpsa
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-1000518 HIGH POC PATCH This Week

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Websockets
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-1000515 HIGH POC This Week

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE News Articles
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1000511 HIGH POC This Week

WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ulike
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-1000509 HIGH POC This Week

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Redirection
NVD
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-1000504 HIGH POC This Week

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Redirection
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2018-12712 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Joomla
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-4845 HIGH This Week

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware Rapidpoint 500 Firmware Rapidlab 1200 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2018-11447 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Buffer Overflow Stack Overflow Scalance M875 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000610 HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000603 HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openstack Cloud
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-0569 HIGH This Week

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Basercms
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1000523 HIGH This Week

topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Topydo
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-1000500 HIGH PATCH This Week

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Busybox
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2018-0572 HIGH PATCH This Week

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Basercms
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-11449 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Siemens Scalance M875 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-0609 HIGH PATCH This Week

Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Line
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-0601 HIGH This Week

Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Axpdfium
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-0600 HIGH This Week

Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Playmemories Home
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-0599 HIGH PATCH This Week

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Windows
NVD
CVSS 3.0
7.8
EPSS
4.6%
CVE-2018-0598 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
7.8
EPSS
9.0%
CVE-2018-0597 HIGH This Week

Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visual Studio Code
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2018-0596 HIGH This Week

Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visual Studio Community
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2018-0595 HIGH This Week

Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Skype
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2018-0594 HIGH This Week

Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Skype
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2018-0593 HIGH This Week

Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Onedrive
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2018-0592 HIGH This Week

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Onedrive
NVD
CVSS 3.0
7.8
EPSS
5.1%
CVE-2018-0563 HIGH This Week

Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flet S Virus Clear Easy Setup Application Tool Flet S Virus Clear V6 Easy Setup Application Tool
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-1614 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-1000538 HIGH PATCH This Week

Minio Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Minio
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000531 HIGH This Week

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prime Jwt
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy