Skip to main content
CVE-2018-16416 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fuel Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-16413 HIGH POC This Week

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-16412 HIGH POC This Week

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Imagemagick Leap
NVD GitHub
CVSS 3.0
8.8
EPSS
4.5%
CVE-2018-16387 HIGH POC PATCH This Week

An issue was discovered in Elefant CMS before 2.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Elefantcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-16380 HIGH POC This Week

An issue was discovered in Ogma CMS 0.4 Beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ogma Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16384 HIGH POC This Week

{`a`b} where a is a special function name (such as "if") and b is the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Owasp Modsecurity Core Rule Set
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-16408 HIGH POC This Week

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
4.7%
CVE-2018-16376 HIGH This Week

An issue was discovered in OpenJPEG 2.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Openjpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16375 HIGH PATCH This Week

An issue was discovered in OpenJPEG 2.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Openjpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-16409 HIGH This Week

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gogs
NVD GitHub
CVSS 3.0
8.6
EPSS
1.3%
CVE-2018-16398 HIGH PATCH This Week

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docker Authz Broker
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy