Skip to main content
CVE-2018-15505 HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb Goahead Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-15504 HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb Goahead Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-15501 HIGH POC PATCH This Week

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Debian Linux Libgit2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2018-15495 HIGH POC This Week

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Path Traversal PHP Responsive Filemanager
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-15491 HIGH POC This Week

A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Antilogger
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-15494 CRITICAL PATCH Act Now

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dojo Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-15503 HIGH PATCH This Week

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Swoole
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-15492 HIGH This Week

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sentinel License Manager
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy