Skip to main content
CVE-2018-0706 HIGH POC THREAT Act Now

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qnap Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
48.7%
CVE-2018-0707 HIGH POC THREAT Act Now

Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
59.2%
CVE-2018-13862 CRITICAL POC THREAT Act Now

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webtouch Setup V9 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
50.6%
CVE-2018-13859 CRITICAL POC THREAT Act Now

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass C4 Professional Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.9%
CVE-2018-14334 CRITICAL POC Act Now

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-1612 MEDIUM POC PATCH THREAT This Month

IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD Exploit-DB
CVSS 3.0
5.8
EPSS
57.0%
CVE-2018-14346 HIGH POC PATCH This Week

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Debian Linux Libextractor
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-14331 HIGH POC This Week

An issue was discovered in XiaoCms X1 v20140305. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xiaocms X1
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0710 HIGH POC THREAT This Week

Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.2%
CVE-2018-0709 HIGH POC THREAT This Week

Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2018-0708 HIGH POC THREAT This Week

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
26.3%
CVE-2018-14338 HIGH POC This Week

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Exiv2
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-14333 HIGH POC This Week

TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Teamviewer
NVD GitHub
CVSS 3.0
8.1
EPSS
2.6%
CVE-2018-14337 HIGH POC This Week

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mruby Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-14347 MEDIUM POC PATCH This Month

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Libextractor
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-14362 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14361 CRITICAL PATCH Act Now

An issue was discovered in NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Neomutt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-14360 CRITICAL PATCH Act Now

An issue was discovered in NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Debian Linux Neomutt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-14359 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2018-14358 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-14357 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14356 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Debian Linux Mutt Neomutt +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-14354 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2018-14353 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14352 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-14351 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mutt Neomutt Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-14350 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14349 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Mutt Neomutt Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-13861 CRITICAL Act Now

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webtouch Setup V9 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-13858 CRITICAL Act Now

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C4 Professional Firmware
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-14329 MEDIUM POC This Month

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Htslib
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2018-14363 HIGH PATCH This Week

An issue was discovered in NeoMutt before 2018-07-16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Neomutt
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-14345 HIGH PATCH This Week

An issue was discovered in SDDM through 0.17.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Sddm
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13860 HIGH This Week

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C4 Professional Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13864 HIGH PATCH This Week

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Play Framework
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2018-6681 MEDIUM This Month

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Security Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-14355 MEDIUM PATCH This Month

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Mutt Neomutt Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy