Skip to main content
CVE-2018-13421 CRITICAL POC Act Now

Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Fast Cpp Csv Parser
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-11349 HIGH POC This Week

The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jirafeau
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-11351 MEDIUM POC This Month

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Jirafeau
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-11350 MEDIUM POC This Month

An issue was discovered in Jirafeau before 3.4.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jirafeau
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13420 HIGH This Week

Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Gperftools
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-13419 MEDIUM This Month

An issue has been found in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsndfile
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-13423 MEDIUM PATCH This Month

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Omeka
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-13422 MEDIUM This Month

TCExam before 14.1.2 has XSS via an ff_ or xl_ field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tcexam
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy