Skip to main content
CVE-2018-7633 CRITICAL POC Act Now

Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Epicentro
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-7631 CRITICAL POC Act Now

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Epicentro
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-18197 CRITICAL POC Act Now

An issue was discovered in libgig 4.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-18084 CRITICAL POC Act Now

An issue was discovered in DuomiCMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Duomicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2018-18083 CRITICAL POC Act Now

An issue was discovered in DuomiCMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Duomicms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-18075 CRITICAL POC Act Now

WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wikidforum
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14649 CRITICAL POC PATCH THREAT Act Now

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat Python Command Injection Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-18201 HIGH POC This Week

qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Qibosoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18196 HIGH POC This Week

An issue was discovered in libgig 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18194 HIGH POC This Week

An issue was discovered in libgig 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18193 HIGH POC This Week

An issue was discovered in libgig 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18191 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Finecms
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-18086 HIGH POC This Week

EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Empirecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-7632 HIGH POC This Week

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Epicentro
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-17962 HIGH POC This Week

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qemu Ubuntu Linux Debian Linux Linux +1
NVD
CVSS 3.0
7.5
EPSS
4.5%
CVE-2018-18074 HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests Ubuntu Linux Leap +3
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2018-18071 HIGH POC This Week

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Mercedes Me
NVD VulDB
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18195 MEDIUM POC This Month

An issue was discovered in libgig 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libgig
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18192 MEDIUM POC This Month

An issue was discovered in libgig 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgig
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18088 MEDIUM POC This Month

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-18198 MEDIUM POC PATCH This Month

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Redaxo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17866 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Ultimate Member
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-18082 MEDIUM POC This Month

XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18200 CRITICAL Act Now

There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Redaxo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-17963 CRITICAL PATCH Act Now

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Qemu Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-14081 CRITICAL Act Now

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dir 809 A1 Firmware Dir 809 A2 Firmware Dir 809 Guestzone Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12474 CRITICAL Act Now

Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tar Scm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-18087 MEDIUM POC This Month

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Portfolio
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-18029 MEDIUM POC PATCH This Month

Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Navigate Cms
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-17858 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-17855 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Joomla
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-10614 HIGH This Week

An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Levistudiou
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-10610 HIGH This Week

An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Levistudiou
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-2475 HIGH This Week

Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Gardener
NVD
CVSS 3.0
8.5
EPSS
1.3%
CVE-2018-17958 HIGH PATCH This Week

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Qemu Ubuntu Linux Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-11796 HIGH PATCH This Week

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Apache Tika
NVD
CVSS 3.0
7.5
EPSS
6.9%
CVE-2018-14080 HIGH This Week

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 809 A1 Firmware Dir 809 A2 Firmware Dir 809 Guestzone Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-2471 HIGH This Week

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-2469 HIGH This Week

Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-2468 HIGH This Week

Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-12479 HIGH This Week

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-12477 HIGH This Week

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-17856 HIGH PATCH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Joomla
NVD
CVSS 3.0
7.2
EPSS
2.7%
CVE-2018-15543 MEDIUM This Month

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Telegram
NVD GitHub
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-6977 MEDIUM This Month

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware ESXi Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-2474 MEDIUM This Month

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Fiori
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-12478 MEDIUM This Month

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15542 MEDIUM This Month

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Authentication Bypass Telegram
NVD GitHub
CVSS 3.0
6.4
EPSS
0.3%
CVE-2018-18199 MEDIUM PATCH This Month

Mediamanager in REDAXO before 5.6.4 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2472 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Bi Platform
NVD
CVSS 3.0
6.1
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy