Skip to main content
CVE-2018-16445 CRITICAL POC Act Now

An issue was discovered in SeaCMS through 6.61. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-16432 CRITICAL POC Act Now

BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bluecms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-16428 CRITICAL POC PATCH Act Now

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Glib Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-16444 CRITICAL POC Act Now

An issue was discovered in SeaCMS 6.61. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Seacms
NVD GitHub
CVSS 3.0
9.1
EPSS
1.1%
CVE-2018-16448 HIGH POC This Week

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16447 HIGH POC This Week

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-16438 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-16431 HIGH POC This Week

admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Yfcmf
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-16430 HIGH POC PATCH This Week

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libextractor Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16429 HIGH POC PATCH This Week

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Glib Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-16425 MEDIUM POC PATCH This Month

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16424 MEDIUM POC PATCH This Month

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16423 MEDIUM POC PATCH This Month

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16422 MEDIUM POC PATCH This Month

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16421 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16420 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16419 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16418 MEDIUM POC PATCH This Month

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16458 MEDIUM POC This Month

An issue was discovered in baigo CMS v2.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baigo Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-16449 MEDIUM POC This Month

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-16450 MEDIUM POC This Month

CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Craftedweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0664 CRITICAL Act Now

A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Nomachine
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-16435 MEDIUM POC PATCH This Month

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Little Cms Color Engine Ubuntu Linux Enterprise Linux Desktop +3
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-10929 HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-10928 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Enterprise Linux Server Glusterfs +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-10926 HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-10907 HIGH PATCH This Week

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Stack Overflow Glusterfs Virtualization Host +3
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2018-10904 HIGH PATCH This Week

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Glusterfs Virtualization Host Enterprise Linux Server Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-16426 MEDIUM POC PATCH This Month

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-10927 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2018-10923 HIGH This Week

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2018-6555 HIGH PATCH This Week

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7937 HIGH This Week

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Hirouter Cd20 Firmware Ws5200 10 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11262 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-0675 HIGH This Week

AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Attachecase
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-0674 HIGH This Week

AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Attachecase
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-0656 HIGH This Week

Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Paper App
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-0646 HIGH This Week

Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Explzh
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-6923 HIGH This Week

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-10911 HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs Virtualization Host Enterprise Linux Desktop +4
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-16446 HIGH This Week

An issue was discovered in SeaCMS through 6.61. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-10930 MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux Enterprise Linux Server Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10924 MEDIUM PATCH This Month

It was discovered that fsync(2) system call in glusterfs client code leaks memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Glusterfs
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-10914 MEDIUM This Month

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-10913 MEDIUM PATCH This Month

An information disclosure vulnerability was discovered in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-0672 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type versions prior to Ver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-14627 MEDIUM PATCH This Month

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Wildfly
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-6554 MEDIUM PATCH This Month

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-7990 MEDIUM This Month

Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate 10 Pro Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-7936 MEDIUM This Month

Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate 10 Pro Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy