Skip to main content
CVE-2018-16448 HIGH POC This Week

Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16447 HIGH POC This Week

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-16438 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-16431 HIGH POC This Week

admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Yfcmf
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-16430 HIGH POC PATCH This Week

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libextractor Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16429 HIGH POC PATCH This Week

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Glib Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-10929 HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-10928 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Enterprise Linux Server Glusterfs +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-10926 HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-10907 HIGH PATCH This Week

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Stack Overflow Glusterfs Virtualization Host +3
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2018-10904 HIGH PATCH This Week

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Glusterfs Virtualization Host Enterprise Linux Server Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-10927 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2018-10923 HIGH This Week

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2018-6555 HIGH PATCH This Week

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7937 HIGH This Week

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Hirouter Cd20 Firmware Ws5200 10 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11262 HIGH PATCH This Week

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-0675 HIGH This Week

AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Attachecase
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-0674 HIGH This Week

AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Attachecase
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-0656 HIGH This Week

Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Paper App
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-0646 HIGH This Week

Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Explzh
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-6923 HIGH This Week

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-10911 HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs Virtualization Host Enterprise Linux Desktop +4
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-16446 HIGH This Week

An issue was discovered in SeaCMS through 6.61. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy