Skip to main content
CVE-2018-14570 HIGH POC This Week

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP B2B2C Multi Business
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-14523 HIGH POC PATCH This Week

An issue was discovered in aubio 0.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Aubio Leap Linux Enterprise
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14522 HIGH POC PATCH This Week

An issue was discovered in aubio 0.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Aubio Leap Linux Enterprise
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-14521 HIGH POC PATCH This Week

An issue was discovered in aubio 0.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Aubio
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14568 HIGH POC PATCH This Week

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-1999002 HIGH POC PATCH THREAT This Week

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.6%
CVE-2018-1999001 HIGH PATCH This Week

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Jenkins Authentication Bypass Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.8
EPSS
18.1%
CVE-2018-1999023 HIGH PATCH This Week

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection RCE The Battle For Wesnoth
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1999011 HIGH PATCH This Week

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-1999009 HIGH PATCH This Week

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Information Disclosure PHP October
NVD
CVSS 3.0
8.1
EPSS
2.4%
CVE-2018-11452 HIGH PATCH This Week

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dnp3 Tcp Firmware Iec 61850 Firmware Iec104 Firmware Modbus Tcp Firmware +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-11451 HIGH PATCH This Week

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dnp3 Tcp Firmware Iec 61850 Firmware Iec104 Firmware Modbus Tcp Firmware +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-6683 HIGH This Week

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Data Loss Prevention Endpoint
NVD
CVSS 3.1
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy