Skip to main content
CVE-2018-18488 CRITICAL POC Act Now

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gxlcms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-18486 CRITICAL POC Act Now

An issue was discovered in PHPSHE 1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpshe
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-5186 CRITICAL POC Act Now

Memory safety bugs present in Firefox 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-18461 CRITICAL POC Act Now

The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress RCE PHP Arigato Autoresponder And Newsletter
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-12387 CRITICAL POC Act Now

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
9.1
EPSS
9.6%
CVE-2018-12386 HIGH POC THREAT This Week

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.1
EPSS
13.4%
CVE-2018-12368 HIGH POC This Week

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Microsoft RCE Firefox Firefox Esr +1
NVD
CVSS 3.0
8.1
EPSS
4.8%
CVE-2018-18483 HIGH POC This Week

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2018-18487 HIGH POC This Week

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Gxlcms
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-18485 HIGH POC This Week

An issue was discovered in PHPSHE 1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpshe
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-18482 MEDIUM POC PATCH This Month

An issue was discovered in libpg_query 10-1.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libpg Query
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-18481 MEDIUM POC This Month

A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp, resulting in an application crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libopencad
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-18480 MEDIUM POC This Month

A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp, resulting in an application crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libopencad
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-18478 MEDIUM POC PATCH This Month

Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Librenms
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-18460 MEDIUM POC This Month

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Live Chat
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-14807 CRITICAL Act Now

A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Pac Control
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2018-1822 CRITICAL PATCH Act Now

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Flashsystem 900 Firmware Flashsystem 840 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-5188 CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +9
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-5187 CRITICAL Act Now

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +2
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5156 CRITICAL Act Now

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-12378 CRITICAL Act Now

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12377 CRITICAL Act Now

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12376 CRITICAL Act Now

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-12369 CRITICAL Act Now

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-18484 MEDIUM POC This Month

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-12383 MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-18459 MEDIUM POC This Month

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-18458 MEDIUM POC This Month

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-18457 MEDIUM POC This Month

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-18456 MEDIUM POC This Month

The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-18455 MEDIUM POC This Month

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-18454 MEDIUM POC This Month

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-12382 MEDIUM POC This Month

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-12375 HIGH This Week

Memory safety bugs present in Firefox 61. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-12370 HIGH PATCH This Week

In Reader View SameSite cookie protections are not checked on exiting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Mozilla CSRF Ubuntu Linux Firefox
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-12364 HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-12363 HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12362 HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-12361 HIGH This Week

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Firefox Firefox Esr +3
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-12360 HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12359 HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-15758 HIGH PATCH This Week

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Privilege Escalation Spring Security Oauth
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-11080 HIGH This Week

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Secure Remote Services
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11079 HIGH This Week

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Secure Remote Services
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-12379 HIGH This Week

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15756 HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework Agile Plm Communications Brm Elastic Charging Engine +37
NVD
CVSS 3.1
7.5
EPSS
9.5%
CVE-2018-12385 HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-12373 MEDIUM This Month

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-12372 MEDIUM This Month

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-12366 MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
6.5
EPSS
3.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy