Skip to main content
CVE-2018-11511 CRITICAL POC THREAT Act Now

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Asustor Data Master
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.2%
CVE-2018-11509 CRITICAL POC THREAT Act Now

ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Asustor Data Master
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.6%
CVE-2018-13446 HIGH POC This Week

An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Google Authentication Bypass Line
NVD GitHub
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-13435 HIGH POC This Week

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Apple Line
NVD GitHub
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-13434 MEDIUM POC This Month

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Authentication Bypass Apple Line
NVD GitHub
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-1712 CRITICAL Act Now

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM SSRF Api Connect
NVD
CVSS 3.0
9.9
EPSS
0.7%
CVE-2018-12256 HIGH PATCH This Week

admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Litecart
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-15122 HIGH This Week

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Justassembly Justdecompile
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-14567 MEDIUM PATCH This Month

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
4.3%
CVE-2018-10139 MEDIUM This Month

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-11771 MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Apache Commons Compress Weblogic Server
NVD
CVSS 3.1
5.5
EPSS
5.3%
CVE-2018-1715 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10140 MEDIUM This Month

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
4.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy