Skip to main content
CVE-2018-12584 CRITICAL POC PATCH THREAT Act Now

The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Resiprocate Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
24.6%
CVE-2018-13981 CRITICAL POC THREAT Act Now

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Zeta Producer Desktop Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.3%
CVE-2018-11717 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2018-11716 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
14.3%
CVE-2018-14071 CRITICAL POC PATCH Act Now

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Information Disclosure Geo Mashup
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-14088 CRITICAL POC Act Now

An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Stex White List
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-14087 CRITICAL POC Act Now

An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Encryptedtoken
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2018-14086 CRITICAL POC Act Now

An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mytoken
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2018-14084 CRITICAL POC Act Now

An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Myadvancedtoken
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2018-14326 HIGH POC This Week

In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-14325 HIGH POC This Week

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14089 HIGH POC This Week

An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Virgo Zodiactoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-14085 HIGH POC This Week

An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Userwallet
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-10840 MEDIUM POC This Month

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Linux Buffer Overflow Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2018-14324 CRITICAL Act Now

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Glassfish Server
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-13980 MEDIUM POC This Month

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zeta Producer
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
6.9%
CVE-2018-13832 MEDIUM POC This Month

Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Apple All In One Favicon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.0%
CVE-2018-0341 HIGH This Week

A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Ip Phone Multiplatform Firmware
NVD
CVSS 3.0
8.8
EPSS
5.9%
CVE-2018-0383 HIGH This Week

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
3.0%
CVE-2018-0369 HIGH This Week

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Staros
NVD
CVSS 3.0
8.6
EPSS
2.3%
CVE-2018-1046 HIGH PATCH This Week

pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Stack Overflow Pdns
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2018-0368 HIGH This Week

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Application Policy Infrastructure Controller Enterprise Module
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10857 HIGH This Week

git-annex is vulnerable to a private data exposure and exfiltration attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Annex Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10859 HIGH This Week

git-annex is vulnerable to an Information Exposure when decrypting files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Annex Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-0385 HIGH This Week

A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2018-0370 HIGH This Week

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Firewall Management Center
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-5239 MEDIUM This Month

Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Norton App Lock
NVD
CVSS 3.0
6.2
EPSS
0.4%
CVE-2018-0366 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-13387 MEDIUM This Month

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-0384 MEDIUM This Month

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
2.5%
CVE-2018-0360 MEDIUM This Month

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Clamav Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-5229 MEDIUM PATCH This Month

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Atlassian XSS Universal Plugin Manager
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-0361 LOW Monitor

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clamav Debian Linux
NVD
CVSS 3.0
3.3
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy