Skip to main content
CVE-2018-16975 CRITICAL POC PATCH Act Now

An issue was discovered in Elefant CMS before 2.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE PHP Elefant
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-16974 CRITICAL POC PATCH Act Now

An issue was discovered in Elefant CMS before 2.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE PHP Elefant
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-3885 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-3884 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-3883 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-3882 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-16981 HIGH POC This Week

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Image H Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-13411 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-16951 HIGH POC This Week

xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xunfeng
NVD GitHub
CVSS 3.0
8.0
EPSS
0.8%
CVE-2018-16962 HIGH POC This Week

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Secureanywhere
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-16946 HIGH POC This Week

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal PHP Lnb5110 Firmware Lnb5320 Firmware +16
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
9.3%
CVE-2018-16388 HIGH POC PATCH This Week

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP E107
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-7921 MEDIUM POC THREAT This Month

Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Huawei Information Disclosure B315S 22 Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
13.2%
CVE-2018-16980 MEDIUM POC This Month

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16979 MEDIUM POC This Month

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
3.0%
CVE-2018-16978 MEDIUM POC This Month

Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12171 CRITICAL Act Now

Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Denial Of Service Bmc Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-16947 CRITICAL Act Now

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openafs Debian Linux
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-3679 CRITICAL Act Now

Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Data Center Manager
NVD
CVSS 3.0
9.6
EPSS
1.2%
CVE-2018-15834 MEDIUM POC PATCH This Month

In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-16729 MEDIUM POC This Month

Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pluck
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16727 MEDIUM POC This Month

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16726 MEDIUM POC This Month

razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16605 MEDIUM POC This Month

D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-16977 MEDIUM POC This Month

Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Monstra
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-13799 CRITICAL Act Now

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Simatic Wincc Open Architecture
NVD
CVSS 3.0
9.1
EPSS
2.3%
CVE-2018-15610 HIGH This Week

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ip Office
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-13807 HIGH This Week

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance X408 Firmware Scalance X300 Firmware Scalance X414 Firmware
NVD
CVSS 3.0
8.6
EPSS
4.2%
CVE-2018-16971 MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Learning Management System
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-16970 MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Learning Management System
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-3643 HIGH PATCH This Week

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Intel RCE Converged Security Management Engine Firmware Server Platform Services Firmware
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-12176 HIGH This Week

Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Denial Of Service Information Disclosure Intel +3
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2018-16976 HIGH PATCH This Week

Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Information Disclosure Gitolite
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-12175 HIGH This Week

Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Python Distribution For Python
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-12168 HIGH This Week

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-12162 HIGH This Week

Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Information Disclosure Openvino Toolkit
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-12148 HIGH This Week

Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Driver Support Assistant
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-13412 HIGH This Week

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7923 HIGH This Week

Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Alp L09 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-7922 HIGH This Week

Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Alp L09 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-13806 HIGH This Week

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Td Keypad Designer
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-3669 HIGH This Week

A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Centrino Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-15502 HIGH This Week

Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Loading Docs
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-16949 HIGH This Week

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openafs Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-16948 HIGH This Week

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-3655 HIGH PATCH This Week

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

Intel Information Disclosure Converged Security Management Engine Firmware Server Platform Services Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2018-6924 HIGH PATCH This Week

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2018-3659 MEDIUM This Month

A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-7572 MEDIUM This Month

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ivanti Pulse Secure Desktop
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-3686 MEDIUM PATCH This Month

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Code Injection RCE Intel Sa 00086 Detection Tool
NVD
CVSS 3.0
6.7
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy