Skip to main content
CVE-2018-5384 CRITICAL POC Act Now

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL Infinity
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2018-14579 CRITICAL POC Act Now

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Golemcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14589 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14587 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14586 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14585 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14584 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14583 HIGH POC This Week

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14582 HIGH POC This Week

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-5385 HIGH POC This Week

Navarino Infinity is prone to session fixation attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Authentication Bypass Infinity
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-10906 HIGH POC PATCH This Week

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Denial Of Service Debian Linux Fuse Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-5387 HIGH POC PATCH This Week

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Samlbase
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-5386 HIGH POC This Week

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Infinity
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-14335 MEDIUM POC THREAT This Month

An issue was discovered in H2 1.4.197. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
13.4%
CVE-2018-8859 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware I Lon 600 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2018-10627 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2018-8851 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware I Lon 600 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2018-8855 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware I Lon 600 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2018-10628 CRITICAL PATCH Act Now

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Stack Overflow Intouch 2014 Intouch 2017
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-13385 CRITICAL Act Now

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Sourcetree
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10600 CRITICAL Act Now

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE RCE Acselerator Architect
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-11060 HIGH This Week

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-10604 HIGH This Week

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Sel Compass
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-13386 HIGH This Week

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-10905 HIGH This Week

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cloudforms Cloudforms Management Engine
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-11047 HIGH PATCH This Week

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-10632 HIGH This Week

In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nport 5230 Firmware Nport 5232 Firmware Nport 5210 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-14590 HIGH This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-14588 HIGH This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10608 HIGH POC This Week

SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Acselerator Architect
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
7.8%
CVE-2018-11044 MEDIUM This Month

Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Pivotal Application Service
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-11059 MEDIUM This Month

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.0
5.4
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy