Skip to main content
CVE-2018-18201 HIGH POC This Week

qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Qibosoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18196 HIGH POC This Week

An issue was discovered in libgig 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18194 HIGH POC This Week

An issue was discovered in libgig 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18193 HIGH POC This Week

An issue was discovered in libgig 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18191 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Finecms
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-18086 HIGH POC This Week

EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Empirecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-7632 HIGH POC This Week

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Epicentro
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-17962 HIGH POC This Week

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qemu Ubuntu Linux Debian Linux Linux +1
NVD
CVSS 3.0
7.5
EPSS
4.5%
CVE-2018-18074 HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests Ubuntu Linux Leap +3
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2018-18071 HIGH POC This Week

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Mercedes Me
NVD VulDB
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-17858 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-17855 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Joomla
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-10614 HIGH This Week

An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Levistudiou
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-10610 HIGH This Week

An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Levistudiou
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-2475 HIGH This Week

Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Gardener
NVD
CVSS 3.0
8.5
EPSS
1.3%
CVE-2018-17958 HIGH PATCH This Week

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Qemu Ubuntu Linux Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-11796 HIGH PATCH This Week

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Apache Tika
NVD
CVSS 3.0
7.5
EPSS
6.9%
CVE-2018-14080 HIGH This Week

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 809 A1 Firmware Dir 809 A2 Firmware Dir 809 Guestzone Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-2471 HIGH This Week

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-2469 HIGH This Week

Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-2468 HIGH This Week

Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-12479 HIGH This Week

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-12477 HIGH This Week

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-17856 HIGH PATCH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Joomla
NVD
CVSS 3.0
7.2
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy