Skip to main content
CVE-2018-16509 HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
92.5%
CVE-2018-16144 CRITICAL POC THREAT Act Now

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Opsview
NVD
CVSS 3.0
9.8
EPSS
32.7%
CVE-2018-15681 CRITICAL POC Act Now

An issue was discovered in BTITeam XBTIT 2.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xbtit
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-15680 CRITICAL POC Act Now

An issue was discovered in BTITeam XBTIT 2.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xbtit
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-16552 HIGH POC This Week

MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Python Django Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2018-15682 HIGH POC This Week

An issue was discovered in BTITeam XBTIT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xbtit
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16145 HIGH POC This Week

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Opsview
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-16545 HIGH POC This Week

Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Asset Manager Training Manager
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-16307 HIGH POC This Week

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xiaomi Miwifi Xiaomi 55Dd Firmware
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-16146 HIGH POC This Week

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Opsview
NVD
CVSS 3.0
7.2
EPSS
6.2%
CVE-2018-16436 HIGH POC This Week

Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gxlcms
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-16548 MEDIUM POC This Month

An issue was discovered in ZZIPlib through 0.13.69. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-16381 MEDIUM POC This Month

e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP E107
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16361 MEDIUM POC PATCH This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16148 MEDIUM POC This Month

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-16147 MEDIUM POC This Month

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15683 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Xbtit
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15679 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15678 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15677 MEDIUM POC PATCH This Month

The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2018-16516 MEDIUM POC PATCH This Month

helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Flask Admin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-16550 CRITICAL Act Now

TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamviewer
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14618 CRITICAL Act Now

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Libcurl Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
11.1%
CVE-2018-16521 CRITICAL PATCH Act Now

An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Html Form Entry Reference Application
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-16518 CRITICAL Act Now

A directory traversal vulnerability with remote code execution in Prim'X Zed!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Zed Zed Free
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-13259 CRITICAL PATCH Act Now

An issue was discovered in zsh before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Linux Zsh
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0502 CRITICAL PATCH Act Now

An issue was discovered in zsh before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Linux Zsh
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-16551 MEDIUM POC This Month

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lavalite
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-15918 MEDIUM POC This Month

An issue was discovered in Jorani 0.6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jorani
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
2.9%
CVE-2018-15917 MEDIUM POC This Month

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jorani
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
6.5%
CVE-2018-16549 MEDIUM POC This Month

HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Php File Browser Script
NVD
CVSS 3.0
5.3
EPSS
2.5%
CVE-2018-15684 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Xbtit
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-15676 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xbtit
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-16437 MEDIUM POC This Month

Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gxlcms
NVD
CVSS 3.0
4.9
EPSS
1.6%
CVE-2018-14771 HIGH This Week

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Camera
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-14770 HIGH This Week

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Camera
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-14769 HIGH This Week

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Camera
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16543 HIGH This Week

In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-16540 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Openshift Container Platform +9
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-16513 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghostscript Ubuntu Linux Debian Linux Gpl Ghostscript +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-16511 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-16510 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ghostscript Ubuntu Linux Gpl Ghostscript
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-16252 LOW POC Monitor

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Event Log Explorer
NVD Exploit-DB
CVSS 3.0
3.3
EPSS
2.5%
CVE-2018-16546 MEDIUM This Month

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Amcrest Ipc Hx1X3X Lexus Eng N Amcrest
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-9194 MEDIUM This Month

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-9192 MEDIUM This Month

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-16542 MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-16541 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16539 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-1353 MEDIUM This Month

An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortimanager
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy