Skip to main content
CVE-2018-3779 CRITICAL POC Act Now

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Activesupport
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2018-15186 HIGH POC This Week

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Auditor Website Project
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15187 HIGH POC This Week

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Advanced Real Estate Script
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2018-11492 HIGH POC THREAT This Week

ASUS HG100 devices allow denial of service via an IPv4 packet flood. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hg100 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.4%
CVE-2018-10769 HIGH POC This Week

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Smartmesh Ugtoken Gg Token First +2
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-14028 HIGH POC THREAT This Week

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP
NVD GitHub
CVSS 3.0
7.2
EPSS
17.7%
CVE-2018-15191 MEDIUM POC This Month

PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow PHP Hotel Booking Script
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15188 MEDIUM POC This Month

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow PHP Advanced Real Estate Script
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-15185 MEDIUM POC This Month

PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Naukri Clone Script
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-14503 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-3110 CRITICAL PATCH Act Now

A vulnerability was discovered in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
9.9
EPSS
2.5%
CVE-2018-10630 CRITICAL PATCH Act Now

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Tsw X60 Firmware Mc3 Firmware
NVD
CVSS 3.0
9.8
EPSS
10.9%
CVE-2018-15190 MEDIUM POC This Month

PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hotel Booking Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-15189 MEDIUM POC This Month

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Advanced Real Estate Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-14783 HIGH This Week

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nwl 25 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-13341 HIGH This Week

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tsw X60 Firmware Mc3 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-14837 MEDIUM POC This Month

Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wolf Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-6553 HIGH This Week

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Information Disclosure Cups Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-11048 HIGH This Week

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XXE Denial Of Service Emc Data Protection Advisor Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-11063 HIGH This Week

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-14785 HIGH This Week

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nwl 25 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-14782 HIGH This Week

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nwl 25 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-14784 MEDIUM This Month

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Nwl 25 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-13390 MEDIUM PATCH This Month

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudtoken
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2018-7754 MEDIUM This Month

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10622 MEDIUM This Month

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mycarelink 24952 Patient Monitor Firmware Mycarelink 24950 Patient Monitor Firmware
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.1%
CVE-2018-10626 MEDIUM This Month

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2018-6556 LOW PATCH Monitor

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux Lxc Caas Platform Openstack Cloud +2
NVD
CVSS 3.0
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy