Skip to main content
CVE-2018-14589 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14587 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14586 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14585 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14584 HIGH POC This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14583 HIGH POC This Week

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xyhcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14582 HIGH POC This Week

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-5385 HIGH POC This Week

Navarino Infinity is prone to session fixation attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Authentication Bypass Infinity
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-10906 HIGH POC PATCH This Week

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Denial Of Service Debian Linux Fuse Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-5387 HIGH POC PATCH This Week

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Samlbase
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-5386 HIGH POC This Week

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Infinity
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-11060 HIGH This Week

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-10604 HIGH This Week

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Sel Compass
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-13386 HIGH This Week

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-10905 HIGH This Week

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cloudforms Cloudforms Management Engine
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-11047 HIGH PATCH This Week

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-10632 HIGH This Week

In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nport 5230 Firmware Nport 5232 Firmware Nport 5210 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-14590 HIGH This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-14588 HIGH This Week

An issue has been discovered in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10608 HIGH POC This Week

SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Acselerator Architect
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
7.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy