Skip to main content
CVE-2018-18935 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-18950 HIGH POC This Week

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Kindeditor
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-18937 HIGH POC This Week

An issue has been found in libIEC61850 v1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-18936 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Popojicms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-18942 HIGH POC PATCH This Week

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Basercms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-13397 HIGH This Week

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sourcetree
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-13396 HIGH This Week

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple Sourcetree
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-18820 HIGH PATCH This Week

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service RCE Buffer Overflow Icecast Debian Linux
NVD
CVSS 3.0
8.1
EPSS
48.9%
CVE-2018-17913 HIGH This Week

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-17909 HIGH This Week

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Cx Supervisor
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-17905 HIGH This Week

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cx Supervisor
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-18956 HIGH This Week

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Denial Of Service Buffer Overflow
NVD
CVSS 3.0
7.5
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy