Skip to main content
CVE-2018-12914 CRITICAL POC Act Now

A remote code execution issue was discovered in PublicCMS V4.0.20180210. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Path Traversal Publiccms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-12908 CRITICAL POC THREAT Act Now

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brynamics
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.7%
CVE-2018-1306 HIGH POC PATCH THREAT This Week

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Apache Information Disclosure Pluto
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
43.9%
CVE-2018-12913 HIGH POC This Week

In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Miniz
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-12909 HIGH POC THREAT This Week

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Webgrind
NVD GitHub
CVSS 3.0
7.5
EPSS
18.6%
CVE-2018-12912 HIGH POC This Week

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hongcms
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
2.7%
CVE-2018-12919 MEDIUM POC This Month

In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Craftedweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12905 MEDIUM POC THREAT This Month

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
42.2%
CVE-2018-1457 CRITICAL Act Now

An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Engineering Requirements Management Doors
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-12918 CRITICAL Act Now

In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2018-12917 CRITICAL Act Now

In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12916 CRITICAL Act Now

In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12915 CRITICAL Act Now

In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-5435 CRITICAL Act Now

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Spotfire Analyst Spotfire Analytics Platform For Aws Spotfire Deployment Kit Spotfire Desktop +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-12904 MEDIUM POC PATCH This Month

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.0
4.9
EPSS
1.2%
CVE-2018-5437 HIGH This Week

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analyst Spotfire Analytics Platform For Aws Spotfire Deployment Kit Spotfire Desktop +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-5436 HIGH This Week

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-8025 HIGH PATCH This Week

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Atlassian Apache Information Disclosure Hbase
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2018-5527 HIGH This Week

On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-1553 HIGH This Week

IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-12907 HIGH This Week

In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Rclone
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1354 MEDIUM This Month

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer Fortimanager
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1355 MEDIUM This Month

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Open Redirect Fortianalyzer Fortimanager
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-1543 MEDIUM This Month

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-1507 MEDIUM This Month

IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-5528 MEDIUM This Month

Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-12536 MEDIUM PATCH This Month

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Retail Xstore Point Of Service
NVD
CVSS 3.1
5.3
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy