Skip to main content
CVE-2018-18957 CRITICAL POC THREAT Act Now

An issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libiec61850
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
11.6%
CVE-2018-9208 CRITICAL POC Act Now

Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jquery Picture Cut
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-18934 CRITICAL POC Act Now

An issue was discovered in PopojiCMS v2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-18935 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-18950 HIGH POC This Week

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Kindeditor
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-18937 HIGH POC This Week

An issue has been found in libIEC61850 v1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-18936 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Popojicms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-18942 HIGH POC PATCH This Week

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Basercms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-18949 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
24.5%
CVE-2018-18933 CRITICAL PATCH Act Now

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader U3D
NVD GitHub
CVSS 3.0
9.1
EPSS
3.0%
CVE-2018-13397 HIGH This Week

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-13396 HIGH This Week

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple Sourcetree
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-18952 MEDIUM POC This Month

JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeecms
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18943 MEDIUM POC PATCH This Month

An issue was discovered in baserCMS before 4.1.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Basercms
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-18939 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-18938 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-18820 HIGH PATCH This Week

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service RCE Buffer Overflow Icecast Debian Linux
NVD
CVSS 3.0
8.1
EPSS
48.9%
CVE-2018-17913 HIGH This Week

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-17909 HIGH This Week

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Cx Supervisor
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-17905 HIGH This Week

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cx Supervisor
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-18956 HIGH This Week

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Denial Of Service Buffer Overflow
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-17907 LOW Monitor

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cx Supervisor
NVD
CVSS 3.0
3.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy