Skip to main content
CVE-2018-16278 CRITICAL POC Act Now

phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpopensourcecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-3787 HIGH POC PATCH This Week

Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Simplehttpserver
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-16298 MEDIUM POC This Month

An issue was discovered in MiniCMS 1.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16276 HIGH PATCH This Week

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-7685 HIGH This Week

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libzypp
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-16275 HIGH This Week

OPSWAT MetaDefender before v4.11.2 allows CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Metadefender
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-11054 HIGH PATCH This Week

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Bsafe Application Testing Suite Communications Analytics +9
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2018-6257 HIGH PATCH This Week

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-11056 MEDIUM PATCH This Month

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bsafe Bsafe Crypto C Application Testing Suite Communications Analytics +9
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2018-11057 MEDIUM PATCH This Month

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Bsafe Application Testing Suite Communications Analytics Communications Ip Service Activator +8
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2018-11055 MEDIUM PATCH This Month

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Bsafe Application Testing Suite Communications Analytics Communications Ip Service Activator +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-6258 MEDIUM PATCH This Month

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a. Rated medium severity (CVSS 4.7).

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-6259 LOW PATCH Monitor

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.0
2.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy