Skip to main content
CVE-2018-15727 CRITICAL POC PATCH THREAT Act Now

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Grafana Authentication Bypass Ceph Storage
NVD GitHub
CVSS 3.0
9.8
EPSS
64.3%
CVE-2018-12710 HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-601 2.02NA devices. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 601 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
76.5%
CVE-2018-15912 HIGH POC PATCH This Week

An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation RCE Manjaro Linux
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-12827 HIGH POC PATCH THREAT This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
32.0%
CVE-2018-15907 MEDIUM POC This Month

Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tc8305C Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-7790 CRITICAL Act Now

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-16134 MEDIUM POC This Month

Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cybrohttpserver
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-15562 MEDIUM POC This Month

CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Isweb
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-7791 CRITICAL Act Now

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2018-14805 CRITICAL Act Now

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Esoms
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-12829 CRITICAL Act Now

Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-12828 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12825 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12811 CRITICAL Act Now

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-12810 CRITICAL Act Now

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-12808 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Adobe RCE Buffer Overflow Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
7.5%
CVE-2018-15882 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Joomla
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-16133 MEDIUM POC THREAT This Month

Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cybrohttpserver
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
39.3%
CVE-2018-16115 CRITICAL PATCH Act Now

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Akka
NVD
CVSS 3.0
9.1
EPSS
1.2%
CVE-2018-14768 HIGH This Week

Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Camera
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-12799 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Adobe Denial Of Service RCE Acrobat Dc +1
NVD
CVSS 3.0
8.8
EPSS
6.7%
CVE-2018-15121 HIGH This Week

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aspnet Aspnet Owin
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16132 HIGH This Week

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Signal
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2018-5003 HIGH This Week

Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
7.8
EPSS
4.9%
CVE-2018-7789 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2018-7792 HIGH This Week

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2018-8022 HIGH PATCH This Week

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD GitHub
CVSS 3.0
7.5
EPSS
7.5%
CVE-2018-1318 HIGH This Week

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
7.7%
CVE-2018-12826 HIGH PATCH This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2018-15881 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-6598 HIGH This Week

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Wonder Rc555L Firmware
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-6597 MEDIUM This Month

The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation A30 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-8004 MEDIUM PATCH This Month

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
6.3%
CVE-2018-12806 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-12240 MEDIUM This Month

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Privilege Escalation Norton Password Manager
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2018-12824 MEDIUM PATCH This Month

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
5.9
EPSS
10.9%
CVE-2018-6599 MEDIUM This Month

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Wonder Rc555L Firmware
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15746 MEDIUM PATCH This Month

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-16062 MEDIUM This Month

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Elfutils Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2018-7795 MEDIUM This Month

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS Java Powerlogic Pm5560 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2018-15880 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-8040 MEDIUM PATCH This Month

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
8.6%
CVE-2018-8005 MEDIUM This Month

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
6.9%
CVE-2018-12807 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.0
5.3
EPSS
4.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy