Skip to main content
CVE-2018-3885 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-3884 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-3883 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-3882 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-16981 HIGH POC This Week

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Image H Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-13411 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-16951 HIGH POC This Week

xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xunfeng
NVD GitHub
CVSS 3.0
8.0
EPSS
0.8%
CVE-2018-16962 HIGH POC This Week

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Secureanywhere
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-16946 HIGH POC This Week

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal PHP Lnb5110 Firmware Lnb5320 Firmware +16
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
9.3%
CVE-2018-16388 HIGH POC PATCH This Week

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP E107
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-15610 HIGH This Week

A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ip Office
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-13807 HIGH This Week

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance X408 Firmware Scalance X300 Firmware Scalance X414 Firmware
NVD
CVSS 3.0
8.6
EPSS
4.2%
CVE-2018-3643 HIGH PATCH This Week

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Intel RCE Converged Security Management Engine Firmware Server Platform Services Firmware
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-12176 HIGH This Week

Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Denial Of Service Information Disclosure Intel +3
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2018-16976 HIGH PATCH This Week

Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Information Disclosure Gitolite
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-12175 HIGH This Week

Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Python Distribution For Python
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-12168 HIGH This Week

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-12162 HIGH This Week

Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Information Disclosure Openvino Toolkit
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-12148 HIGH This Week

Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Driver Support Assistant
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-13412 HIGH This Week

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7923 HIGH This Week

Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Alp L09 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-7922 HIGH This Week

Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Alp L09 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-13806 HIGH This Week

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Td Keypad Designer
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-3669 HIGH This Week

A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Centrino Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-15502 HIGH This Week

Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Loading Docs
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-16949 HIGH This Week

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openafs Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-16948 HIGH This Week

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-3655 HIGH PATCH This Week

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

Intel Information Disclosure Converged Security Management Engine Firmware Server Platform Services Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2018-6924 HIGH PATCH This Week

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy