Skip to main content
CVE-2018-15497 CRITICAL POC Act Now

The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Mivoice 5330E Firmware
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-18628 CRITICAL POC PATCH Act Now

An issue was discovered in Pippo 1.11.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
5.5%
CVE-2018-17873 HIGH POC This Week

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wifiranger Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-18599 HIGH POC This Week

Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stegdetect
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-17968 HIGH POC This Week

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruletkaio
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-17877 HIGH POC This Week

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Greedy 599
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-18603 MEDIUM POC This Month

360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 360 Total Security
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-18437 MEDIUM POC This Month

In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Registro Elettronico
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-18622 MEDIUM POC This Month

An issue was discovered in Waimai Super Cms 20150505. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18608 MEDIUM POC This Month

DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-18475 CRITICAL Act Now

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
22.1%
CVE-2018-17448 CRITICAL Act Now

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-17446 CRITICAL Act Now

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Citrix Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-17445 CRITICAL PATCH Act Now

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
11.1%
CVE-2018-14816 CRITICAL Act Now

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2018-14806 CRITICAL Act Now

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Webaccess
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-18607 MEDIUM POC This Month

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Debian Linux Data Ontap
NVD
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-18606 MEDIUM POC This Month

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Debian Linux Data Ontap
NVD
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-18605 MEDIUM POC This Month

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Binutils Debian Linux +1
NVD
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-18586 MEDIUM POC PATCH This Month

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Libmspack
NVD GitHub
CVSS 3.0
5.3
EPSS
3.3%
CVE-2018-18589 HIGH This Week

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Real User Monitoring
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-18585 MEDIUM POC PATCH This Month

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libmspack Debian Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
4.3
EPSS
3.1%
CVE-2018-14828 HIGH This Week

Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8569 HIGH PATCH This Week

A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Yammer
NVD
CVSS 3.0
7.8
EPSS
13.3%
CVE-2018-16837 HIGH PATCH This Week

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower Debian Linux Package Hub
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-18329 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18328 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18327 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15367 HIGH This Week

A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15366 HIGH This Week

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Use After Free Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7432 HIGH This Week

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-7429 HIGH This Week

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-18467 HIGH PATCH This Week

An issue was discovered in Daniel Gultsch Conversations 2.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Conversations
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-17447 HIGH PATCH This Week

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-17444 HIGH This Week

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-14820 HIGH This Week

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-18626 HIGH This Week

An issue was discovered in PHPYun V4.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Phpyun
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-7431 MEDIUM This Month

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Python Path Traversal
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-18584 MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract Libmspack Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-7427 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-16235 MEDIUM This Month

Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Community
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16226 MEDIUM This Month

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Mivoice Office 400
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-12901 MEDIUM This Month

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP St Firmware
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-13402 MEDIUM This Month

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-13401 MEDIUM This Month

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-18587 MEDIUM This Month

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appgini
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2018-13400 MEDIUM This Month

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Atlassian Jira Jira Server
NVD
CVSS 3.0
4.7
EPSS
1.4%
CVE-2018-7911 MEDIUM This Month

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Huawei Alp Al00B Firmware Alp Al00B Rsc Firmware +3
NVD
CVSS 3.0
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy