Skip to main content
CVE-2018-14328 CRITICAL POC THREAT Act Now

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Trade
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.7%
CVE-2018-14565 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14564 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14563 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14562 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14551 CRITICAL POC Act Now

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-14531 CRITICAL POC Act Now

An issue was discovered in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14515 CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-14514 CRITICAL POC Act Now

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14570 HIGH POC This Week

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP B2B2C Multi Business
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-14523 HIGH POC PATCH This Week

An issue was discovered in aubio 0.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Aubio Leap Linux Enterprise
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14522 HIGH POC PATCH This Week

An issue was discovered in aubio 0.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Aubio Leap Linux Enterprise
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-14521 HIGH POC PATCH This Week

An issue was discovered in aubio 0.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Aubio
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14568 HIGH POC PATCH This Week

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-1999002 HIGH POC PATCH THREAT This Week

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.6%
CVE-2018-1999018 MEDIUM POC This Month

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Pydio
NVD
CVSS 3.0
6.6
EPSS
3.5%
CVE-2018-1999016 MEDIUM POC PATCH This Month

Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48;. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Pydio
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-14527 MEDIUM POC This Month

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xiao5Ucompany
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14517 MEDIUM POC This Month

SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14513 MEDIUM POC This Month

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-14512 MEDIUM POC This Month

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2018-11757 CRITICAL PATCH Act Now

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker Openwhisk
NVD GitHub
CVSS 3.0
9.8
EPSS
6.9%
CVE-2018-11756 CRITICAL PATCH Act Now

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker PHP Openwhisk
NVD GitHub
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-1999022 CRITICAL Act Now

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Information Disclosure Html Quickform Civicrm
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-1999019 CRITICAL PATCH Act Now

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-1999010 CRITICAL PATCH Act Now

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-14532 CRITICAL Act Now

An issue was discovered in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-1999020 MEDIUM POC PATCH This Month

Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Path Traversal Onos
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-1999024 MEDIUM POC PATCH This Month

{} macro that can result in Potentially untrusted Javascript running within a web browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mathjax
NVD GitHub
CVSS 3.0
5.4
EPSS
1.3%
CVE-2018-1999021 MEDIUM POC This Month

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gleezcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1513 MEDIUM POC This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS IBM Sterling B2b Integrator
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.9%
CVE-2018-6678 CRITICAL Act Now

Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mcafee Web Gateway
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2018-6677 CRITICAL Act Now

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mcafee Web Gateway
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2018-1999017 MEDIUM POC PATCH This Month

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF PHP Pydio
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-1999001 HIGH PATCH This Week

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Jenkins Authentication Bypass Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.8
EPSS
18.1%
CVE-2018-1999023 HIGH PATCH This Week

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection RCE The Battle For Wesnoth
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1999011 HIGH PATCH This Week

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-1999009 HIGH PATCH This Week

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Information Disclosure PHP October
NVD
CVSS 3.0
8.1
EPSS
2.4%
CVE-2018-11452 HIGH PATCH This Week

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dnp3 Tcp Firmware Iec 61850 Firmware Iec104 Firmware Modbus Tcp Firmware +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-11451 HIGH PATCH This Week

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dnp3 Tcp Firmware Iec 61850 Firmware Iec104 Firmware Modbus Tcp Firmware +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-6683 HIGH This Week

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Data Loss Prevention Endpoint
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2018-1999015 MEDIUM PATCH This Month

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-1999014 MEDIUM PATCH This Month

FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-1999013 MEDIUM PATCH This Month

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-1999012 MEDIUM PATCH This Month

FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-14549 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14524 MEDIUM PATCH This Month

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libredwg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-8031 MEDIUM PATCH This Month

The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Tomcat Tomee
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-14573 MEDIUM This Month

A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Tightrope Media Carousel Digital Signage
NVD
CVSS 3.0
5.5
EPSS
6.4%
CVE-2018-14545 MEDIUM This Month

There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy