Skip to main content
CVE-2018-17618 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-17617 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Reader
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-17616 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-17615 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-18387 HIGH This Week

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Playsms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-18745 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18744 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18743 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18741 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18740 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18739 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18738 MEDIUM POC This Month

An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18726 MEDIUM POC This Month

An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18725 MEDIUM POC This Month

An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18724 MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18723 MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18722 MEDIUM POC This Month

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18721 MEDIUM POC This Month

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18720 MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18717 MEDIUM POC This Month

An issue was discovered in Eleanor CMS through 2015-03-19. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eleanor Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18699 HIGH This Week

An issue was discovered in GoPro gpmf-parser 1.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Gpmf Parser
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18694 MEDIUM POC This Month

admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-17910 HIGH This Week

WebAccess Versions 8.3.2 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Webaccess
NVD
CVSS 3.0
7.8
EPSS
5.2%
CVE-2018-17908 HIGH This Week

WebAccess Versions 8.3.2 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11884 HIGH This Week

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11882 HIGH This Week

Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11880 HIGH This Week

Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11879 HIGH This Week

When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Authentication Bypass Qualcomm Sd 845 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11877 HIGH This Week

When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11876 HIGH This Week

Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11875 HIGH This Week

Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11874 HIGH This Week

Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11873 HIGH This Week

Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd845 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11872 HIGH This Week

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 845 Firmware Sd 850 Firmware Sda660 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11871 HIGH This Week

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +46
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11870 HIGH This Week

Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9635M Firmware +27
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11867 HIGH This Week

Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile in version SD 845. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11866 HIGH This Week

Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Ipq8074 Firmware Mdm9206 Firmware +23
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11865 HIGH This Week

Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware +22
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11862 HIGH This Week

Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware Sda660 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11861 HIGH This Week

Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware Sda660 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11859 HIGH This Week

Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11858 HIGH This Week

When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11857 HIGH This Week

Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11856 HIGH This Week

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18718 HIGH PATCH This Week

An issue was discovered in gThumb through 3.6.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Gthumb Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-18771 HIGH This Week

An issue was discovered in LuLu CMS through 2015-05-14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Lulu Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-18713 HIGH This Week

The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Phpyun
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-17622 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-1767 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy