Skip to main content
CVE-2018-16283 CRITICAL POC THREAT Act Now

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Wechat Brodcast
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
63.1%
CVE-2018-13140 HIGH POC This Week

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft RCE Antidote 9
NVD
CVSS 3.0
8.1
EPSS
6.6%
CVE-2018-16299 HIGH POC THREAT This Week

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Localize My Post
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
44.4%
CVE-2018-17439 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.3 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-17438 MEDIUM POC This Month

A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-17437 MEDIUM POC This Month

Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-17436 MEDIUM POC This Month

ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-17435 MEDIUM POC This Month

A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-17434 MEDIUM POC This Month

A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-17433 MEDIUM POC This Month

A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-17432 MEDIUM POC This Month

A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-17107 CRITICAL PATCH Act Now

In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tgstation Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14318 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Buffer Overflow Stack Overflow Galaxy S8 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11614 HIGH This Week

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Samsung Members
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-10496 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Samsung Samsung Internet Browser
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-10502 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Galaxy Apps
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10497 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Samsung Email
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6700 HIGH This Week

DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE True Key
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-17281 HIGH PATCH This Week

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.0
7.5
EPSS
53.4%
CVE-2018-12975 HIGH This Week

The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cryptosaga
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-10501 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. Rated high severity (CVSS 7.0). No vendor patch available.

Samsung Path Traversal Notes
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-10500 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Samsung Galaxy Apps
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2018-10499 HIGH This Week

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Samsung Galaxy Apps
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-6682 MEDIUM This Month

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS True Key
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-14825 MEDIUM This Month

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android. Rated medium severity (CVSS 5.8), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Honeywell Cn80 Ct40 +12
NVD
CVSS 3.0
5.8
EPSS
0.8%
CVE-2018-10498 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Samsung Email
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15615 MEDIUM This Month

A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Call Management System Supervisor
NVD
CVSS 3.0
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy