Skip to main content
CVE-2018-1000206 HIGH POC PATCH This Week

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Artifactory
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-10018 HIGH POC This Week

The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Total Security
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.3%
CVE-2018-14046 HIGH POC This Week

Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-14035 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-14034 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-14033 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14031 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14029 HIGH POC This Week

CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Witycms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-1000208 HIGH POC This Week

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Modx Revolution
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-14051 HIGH POC This Week

The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libwav
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-14045 HIGH POC This Week

The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Soundtouch
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-14044 HIGH POC This Week

The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Soundtouch
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-1000207 HIGH POC PATCH THREAT This Week

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Modx Revolution
NVD GitHub
CVSS 3.0
7.2
EPSS
64.1%
CVE-2018-1000209 HIGH This Week

Sensu, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sensu Core
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1245 HIGH This Week

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Rsa Identity Governance And Lifecycle
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-10875 HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-1000210 HIGH PATCH This Week

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Yamldotnet
NVD GitHub
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-7535 HIGH This Week

An issue was discovered in TotalAV v4.1.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Totalav
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000211 HIGH PATCH This Week

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Doorkeeper
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-9067 HIGH This Week

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Lenovo Lenovo Help
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6969 HIGH PATCH This Week

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Rated high severity (CVSS 7.0).

VMware Information Disclosure Buffer Overflow Tools
NVD
CVSS 3.0
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy