Skip to main content
CVE-2018-14938 CRITICAL POC PATCH Act Now

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Tcpflow Ubuntu Linux
NVD GitHub
CVSS 3.0
9.1
EPSS
2.8%
CVE-2018-14959 HIGH POC This Week

An issue was discovered in WeaselCMS v0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Weaselcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14958 HIGH POC This Week

An issue was discovered in WeaselCMS v0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Weaselcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14947 HIGH POC This Week

An issue has been found in PDF2JSON 0.69. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pdf2Json
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14946 HIGH POC This Week

An issue has been found in PDF2JSON 0.69. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pdf2Json
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-14948 HIGH POC This Week

An issue has been found in dilawar sound through 2017-11-27. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sound
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-14945 HIGH POC This Week

An issue has been found in jpeg_encoder through 2015-11-27. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jpeg Encoder
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-14944 HIGH POC This Week

An issue has been found in jpeg_encoder through 2015-11-27. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jpeg Encoder
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-14940 HIGH POC This Week

PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Phpcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14955 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14954 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-14953 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14952 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14951 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14950 MEDIUM POC This Month

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squirrelmail
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-14943 CRITICAL Act Now

Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nsg 9000 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14939 CRITICAL Act Now

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-14942 HIGH This Week

Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nsg 9000 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14937 MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-14936 MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Title field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-14941 MEDIUM This Month

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nsg 9000
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy