Skip to main content
CVE-2018-14012 CRITICAL POC Act Now

WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wolfsight Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14009 CRITICAL POC THREAT Act Now

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Codiad
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
38.4%
CVE-2018-12463 CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Fortify Software Security Center
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.8%
CVE-2018-13996 CRITICAL POC Act Now

Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Genann
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14014 HIGH POC This Week

In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Super Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-12980 HIGH POC THREAT This Week

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
30.1%
CVE-2018-12540 HIGH POC PATCH This Week

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vert X
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14006 HIGH POC This Week

An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ngtoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-14005 HIGH POC This Week

An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Malaysiancoin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-14004 HIGH POC This Week

An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Globecoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-14003 HIGH POC This Week

An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Wmctoken
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2018-14002 HIGH POC This Week

An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp3 Coin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-14001 HIGH POC This Week

An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sharktech
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-13836 HIGH POC This Week

An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Rocket Coin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-13997 HIGH POC This Week

Genann through 2018-07-08 has a SEGV in genann_run in genann.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Genann
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-12979 MEDIUM POC This Month

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
7.9%
CVE-2018-14017 MEDIUM POC PATCH This Month

The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-14016 MEDIUM POC PATCH This Month

The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-14015 MEDIUM POC PATCH This Month

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-13458 MEDIUM POC This Month

qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.5%
CVE-2018-13457 MEDIUM POC This Month

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.5%
CVE-2018-13441 MEDIUM POC This Month

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-12981 MEDIUM POC This Month

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
5.2%
CVE-2018-8024 MEDIUM POC PATCH This Month

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Apache Apple +2
NVD
CVSS 3.0
5.4
EPSS
5.0%
CVE-2018-13999 MEDIUM POC This Month

Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Catfish Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-13998 MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-10895 HIGH PATCH This Week

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF RCE Qutebrowser
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-5529 HIGH This Week

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Edge
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-13796 MEDIUM PATCH This Month

An issue was discovered in GNU Mailman before 2.1.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mailman
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1334 MEDIUM PATCH This Month

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running. Rated medium severity (CVSS 4.7). No vendor patch available.

Apache Information Disclosure Spark
NVD
CVSS 3.0
4.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy