Skip to main content
CVE-2018-1000223 HIGH POC This Week

soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Soundtouch
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1000216 HIGH POC This Week

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cjson
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1000650 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1000649 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-1000648 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-1000646 HIGH POC This Week

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-15573 HIGH POC This Week

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Reprise License Manager
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2018-15565 HIGH POC This Week

An issue was discovered in daveismyname simple-cms through 2014-03-11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Simple Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000224 HIGH POC This Week

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Godot
NVD GitHub
CVSS 3.0
7.5
EPSS
3.8%
CVE-2018-1000632 HIGH POC PATCH This Week

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dom4J Debian Linux Flexcube Investor Servicing Primavera P6 Enterprise Project Portfolio Management +10
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2018-15560 HIGH POC PATCH This Week

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pycryptodome
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-1000647 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Librehealth Ehr
NVD GitHub
CVSS 3.0
7.1
EPSS
1.5%
CVE-2018-1000222 HIGH This Week

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Libgd Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-15568 HIGH This Week

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Tp5Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15564 HIGH This Week

An issue was discovered in daveismyname simple-cms through 2014-03-11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15553 HIGH This Week

fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Actiontec T2200H Firmware
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-12579 HIGH PATCH This Week

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Eshop
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-1000657 HIGH PATCH This Week

Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Buffer Overflow Rust
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1000637 HIGH This Week

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Zutils Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1517 HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Software Development Kit Satellite +3
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-14079 HIGH This Week

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Smart Hp Wmt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-14077 HIGH This Week

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Hp Wmt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1000215 HIGH This Week

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cjson
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1000656 HIGH PATCH This Week

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Flask Active Iq Hyper Converged Infrastructure +1
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-5243 HIGH This Week

The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Encryption Management Server
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1000634 HIGH PATCH This Week

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Omero
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-1000633 HIGH PATCH This Week

The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Omero
NVD
CVSS 3.0
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy