Skip to main content
CVE-2018-17403 HIGH POC This Week

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Phonepe
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-17401 HIGH POC This Week

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Phonepe
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-17364 HIGH POC This Week

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Otcms
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-17341 HIGH POC This Week

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft PHP Bigtree Cms
NVD GitHub
CVSS 3.0
8.1
EPSS
1.9%
CVE-2018-17338 HIGH POC This Week

An issue has been found in pdfalto through 0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pdfalto
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-17400 HIGH POC This Week

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Phonepe
NVD GitHub
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-17361 MEDIUM POC This Month

Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Weaselcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-17360 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-17359 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-17358 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-17404 MEDIUM POC This Month

The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Sbi Buddy
NVD GitHub
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-17402 MEDIUM POC This Month

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Phonepe
NVD GitHub
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-17368 MEDIUM POC This Month

An issue was discovered in PublicCMS V4.0.180825. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Publiccms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-17369 MEDIUM POC This Month

An issue was discovered in springboot_authority through 2017-03-06. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Authority
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-17366 HIGH This Week

An issue was discovered in MCMS 4.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-17407 HIGH PATCH This Week

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Tex Live Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy