Skip to main content
CVE-2018-16462 CRITICAL POC PATCH Act Now

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Apex Publish Static Files
NVD
CVSS 3.1
10.0
EPSS
7.0%
CVE-2018-16461 CRITICAL POC PATCH Act Now

A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Libnmap
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-14558 CRITICAL POC KEV THREAT Act Now

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac7 Firmware Ac9 Firmware Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.7%
CVE-2018-18835 CRITICAL POC Act Now

upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Doccms
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-18834 CRITICAL POC Act Now

An issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-18832 CRITICAL POC Act Now

admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dkcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18822 CRITICAL POC Act Now

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi New Media
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-10532 HIGH POC This Week

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 4Gee Firmware
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18842 HIGH POC This Week

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Z Blogphp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-18281 HIGH POC PATCH This Week

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-10712 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-10711 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-10709 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-16469 HIGH POC PATCH This Week

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Merge
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-10710 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.1
EPSS
1.0%
CVE-2018-18829 MEDIUM POC This Month

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18828 MEDIUM POC This Month

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18827 MEDIUM POC This Month

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18826 MEDIUM POC This Month

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-8858 CRITICAL Act Now

If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vgo Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18830 CRITICAL Act Now

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Mcms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18840 MEDIUM POC This Month

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16467 MEDIUM POC This Month

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Information Disclosure Nextcloud Server
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-17933 HIGH This Week

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vgo Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-18841 MEDIUM POC This Month

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-16466 HIGH This Week

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2018-18831 HIGH This Week

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Mcms
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-18817 HIGH This Week

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agent Connection Broker
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-17931 MEDIUM This Month

If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Vgo Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-18825 MEDIUM This Month

Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pagoda Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0734 MEDIUM PATCH This Month

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux Debian Linux Node Js +15
NVD
CVSS 3.1
5.9
EPSS
12.2%
CVE-2018-16464 MEDIUM This Month

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
5.7
EPSS
0.9%
CVE-2018-16468 MEDIUM PATCH This Month

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-17783 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17782 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16465 MEDIUM This Month

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-16463 LOW Monitor

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Nextcloud Session Fixation Information Disclosure Nextcloud Server
NVD
CVSS 3.0
3.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy