Skip to main content
CVE-2018-19047 CRITICAL POC Act Now

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mpdf
NVD GitHub
CVSS 3.0
10.0
EPSS
2.1%
CVE-2018-19082 CRITICAL POC Act Now

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow I5 Application Firmware I5 System Firmware C2 Application Firmware +1
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-19081 CRITICAL POC Act Now

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2018-19078 CRITICAL POC Act Now

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-19076 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-19069 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19067 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19064 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I5 Application Firmware I5 System Firmware C2 Application Firmware +1
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19063 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19061 CRITICAL POC Act Now

DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8021 CRITICAL POC PATCH THREAT Act Now

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Apache Superset
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
CVE-2018-19071 HIGH POC This Week

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-19093 HIGH POC This Week

An issue has been found in libIEC61850 v1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-19079 HIGH POC This Week

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-19077 HIGH POC This Week

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow I5 Application Firmware I5 System Firmware +2
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-19074 HIGH POC This Week

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-19066 HIGH POC This Week

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-19065 HIGH POC This Week

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-19052 HIGH POC PATCH THREAT This Week

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lighttpd Backports Sle Leap Suse Linux Enterprise Server +1
NVD GitHub
CVSS 3.1
7.5
EPSS
14.1%
CVE-2018-19073 HIGH POC This Week

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.2
EPSS
1.9%
CVE-2018-19070 HIGH POC This Week

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
7.2
EPSS
4.4%
CVE-2018-19053 HIGH POC This Week

PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Pbootcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-19060 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19059 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Poppler Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-19058 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-19092 MEDIUM POC This Month

An issue was discovered in YzmCMS v5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19083 MEDIUM POC This Month

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wecenter
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19080 MEDIUM POC This Month

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19057 MEDIUM POC This Month

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simplemde
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19056 MEDIUM POC This Month

pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19051 MEDIUM POC This Month

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19050 MEDIUM POC This Month

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16253 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-16149 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Jwt Attack Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-19072 MEDIUM POC This Month

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-19091 MEDIUM POC This Month

tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19090 MEDIUM POC This Month

tianti 2.3 has stored XSS in the article management module via an article title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19089 MEDIUM POC This Month

tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19075 MEDIUM POC This Month

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-19068 MEDIUM POC This Month

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18590 HIGH This Week

A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Operations Bridge
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-16844 HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux Ubuntu Linux Xcode
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2018-16843 HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2018-16845 MEDIUM PATCH This Month

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
6.1
EPSS
9.8%
CVE-2018-16150 MEDIUM PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy