Skip to main content
CVE-2018-14847 CRITICAL POC KEV THREAT Act Now

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Path Traversal Routeros
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
96.1%
CVE-2018-14858 HIGH POC This Week

An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Icms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10921 HIGH POC This Week

Certain input files may trigger an integer overflow in ttembed input file processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ttembed
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-3834 HIGH POC This Week

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Hub Firmware
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2018-14840 MEDIUM POC PATCH This Month

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Subrion
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.7%
CVE-2018-14838 MEDIUM POC This Month

rejucms 2.1 has stored XSS via the admin/book.php content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rejucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10922 MEDIUM POC This Month

An input validation flaw exists in ttembed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ttembed
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-14835 MEDIUM POC PATCH This Month

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Subrion Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1154 HIGH PATCH This Week

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Securitycenter
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-1336 HIGH PATCH This Week

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Denial Of Service Apache Jboss Enterprise Application Platform Ubuntu Linux +5
NVD
CVSS 3.1
7.5
EPSS
20.6%
CVE-2018-10920 MEDIUM This Month

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Knot Resolver
NVD
CVSS 3.1
6.8
EPSS
3.2%
CVE-2018-3109 MEDIUM PATCH This Month

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Fusion Middleware
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-3108 MEDIUM PATCH This Month

Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Fusion Middleware
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-14836 MEDIUM This Month

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-7649 MEDIUM This Month

Monitorix before 3.10.1 allows XSS via CGI variables. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monitorix
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-8032 MEDIUM PATCH This Month

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Axis Agile Engineering Data Management Agile Product Lifecycle Management +35
NVD
CVSS 3.1
6.1
EPSS
10.6%
CVE-2018-8037 MEDIUM PATCH This Month

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Apache Information Disclosure Tomcat Debian Linux
NVD
CVSS 3.0
5.9
EPSS
12.1%
CVE-2018-14851 MEDIUM PATCH This Month

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow PHP Ubuntu Linux +2
NVD
CVSS 3.0
5.5
EPSS
4.3%
CVE-2018-1155 MEDIUM PATCH This Month

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Securitycenter
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1554 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-12448 MEDIUM This Month

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-2933 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy