Skip to main content
CVE-2018-17552 CRITICAL POC PATCH THREAT Act Now

SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Navigate Cms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
84.1%
CVE-2018-17553 HIGH POC PATCH THREAT Act Now

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Path Traversal PHP Navigate Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
79.0%
CVE-2018-17408 HIGH POC THREAT Act Now

Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Zahir Enterprise Plus
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
19.0%
CVE-2018-17881 CRITICAL POC Act Now

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 823G Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-17428 CRITICAL POC Act Now

An issue was discovered in OPAC EasyWeb Five 5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opac Easyweb Five
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-17969 CRITICAL POC Act Now

Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Scx 6545X Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-16049 CRITICAL POC Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-3994 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-3993 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-3946 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-17942 HIGH POC PATCH This Week

The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gnulib
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-3967 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
6.2%
CVE-2018-3966 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
6.2%
CVE-2018-3965 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2018-3964 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
9.5%
CVE-2018-17880 HIGH POC This Week

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-17562 HIGH POC This Week

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Faxfinder
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-16051 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-16048 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-17054 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sitefinity Cms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-17053 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sitefinity Cms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16050 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-17947 MEDIUM POC This Month

The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Snazzy Maps
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-17974 MEDIUM POC This Month

An issue was discovered in Tcpreplay 4.3.0 beta1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-5921 HIGH This Week

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF F2A70A Firmware F2A71A Firmware F2A67A Firmware +191
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-3995 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-14800 HIGH This Week

Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ispsoft
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-6689 HIGH This Week

Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Data Loss Prevention Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-17540 HIGH PATCH This Week

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-17967 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-17966 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-17965 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-1794 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-1793 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-17946 MEDIUM This Month

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Slideshow Gallery
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6695 MEDIUM This Month

SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Threat Intelligence Exchange Server
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2018-17972 MEDIUM PATCH This Month

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-12087 MEDIUM PATCH This Month

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ua Net Legacy Ua Netstandard
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-17938 MEDIUM This Month

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.0
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy