Skip to main content
CVE-2018-14054 CRITICAL POC Act Now

A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-1000206 HIGH POC PATCH This Week

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Artifactory
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-10018 HIGH POC This Week

The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Total Security
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.3%
CVE-2018-14046 HIGH POC This Week

Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-14035 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-14034 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-14033 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14031 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14029 HIGH POC This Week

CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Witycms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-1000208 HIGH POC This Week

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Modx Revolution
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-14051 HIGH POC This Week

The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libwav
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-14045 HIGH POC This Week

The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Soundtouch
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-14044 HIGH POC This Week

The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Soundtouch
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-1000207 HIGH POC PATCH THREAT This Week

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Modx Revolution
NVD GitHub
CVSS 3.0
7.2
EPSS
64.1%
CVE-2018-14048 MEDIUM POC PATCH This Month

An issue has been found in libpng 1.6.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libpng Jdk Jre
NVD GitHub
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-14036 MEDIUM POC PATCH This Month

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Accountsservice
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-14042 MEDIUM POC PATCH This Month

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bootstrap
NVD GitHub
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-14041 MEDIUM POC PATCH This Month

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bootstrap
NVD GitHub
CVSS 3.0
6.1
EPSS
4.3%
CVE-2018-14040 MEDIUM POC PATCH This Month

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Debian Linux Bootstrap
NVD GitHub
CVSS 3.0
6.1
EPSS
4.1%
CVE-2018-8847 CRITICAL Act Now

Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow 9000X Firmware
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2018-14043 CRITICAL PATCH Act Now

mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Mstdlib
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-14047 MEDIUM POC This Month

An issue has been found in PNGwriter 0.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pngwriter
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-1000209 HIGH This Week

Sensu, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sensu Core
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1245 HIGH This Week

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Rsa Identity Governance And Lifecycle
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-10875 HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-1000210 HIGH PATCH This Week

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Yamldotnet
NVD GitHub
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-7535 HIGH This Week

An issue was discovered in TotalAV v4.1.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Totalav
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000211 HIGH PATCH This Week

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Doorkeeper
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-9067 HIGH This Week

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Lenovo Lenovo Help
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6969 HIGH PATCH This Week

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Rated high severity (CVSS 7.0).

VMware Information Disclosure Buffer Overflow Tools
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-14052 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14050 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14049 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-9070 MEDIUM This Month

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Lenovo Smart Assistant
NVD
CVSS 3.0
6.4
EPSS
0.3%
CVE-2018-10631 MEDIUM This Month

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass N Vision 8840 Firmware N Vision 8870 Firmware
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2018-1255 MEDIUM This Month

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsa Identity Governance And Lifecycle
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10098 MEDIUM This Month

In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Escan Internet Security Suite
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy