Skip to main content
CVE-2018-18389 CRITICAL POC PATCH Act Now

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Neo4j
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-18375 CRITICAL POC Act Now

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airbox Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18382 HIGH POC This Week

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Advanced Hrm
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-11025 HIGH POC This Week

kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-11024 HIGH POC This Week

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-11023 HIGH POC This Week

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-11022 HIGH POC This Week

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-11021 HIGH POC This Week

kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-11019 HIGH POC This Week

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-18385 HIGH POC PATCH This Week

Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Asciidoctor
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-18377 HIGH POC This Week

goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Airbox Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-18376 HIGH POC This Week

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airbox Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-10839 MEDIUM POC PATCH This Month

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-18308 MEDIUM POC PATCH This Month

In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bigtree Cms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2018-18307 MEDIUM POC This Month

A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alchemy Cms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-18384 MEDIUM POC PATCH This Month

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Unzip
NVD
CVSS 3.0
5.5
EPSS
2.6%
CVE-2018-18381 MEDIUM POC This Month

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-18374 MEDIUM POC This Month

XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-6974 HIGH PATCH This Week

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

VMware Information Disclosure Buffer Overflow Workstation Fusion +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-11020 MEDIUM POC This Month

kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fire Os
NVD GitHub
CVSS 3.0
4.4
EPSS
0.6%
CVE-2018-13399 HIGH This Week

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Atlassian Crucible Fisheye
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-14772 HIGH PATCH This Week

Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Pydio
NVD
CVSS 3.0
7.2
EPSS
6.6%
CVE-2018-1777 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy