Skip to main content
CVE-2018-19127 CRITICAL POC THREAT Act Now

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Phpcms
NVD GitHub
CVSS 3.0
9.8
EPSS
20.8%
CVE-2018-19126 CRITICAL POC PATCH THREAT Act Now

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Prestashop
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
22.5%
CVE-2018-19138 HIGH POC This Week

WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wstmart
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-17612 HIGH POC PATCH This Week

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Headsetup Windows 10 Windows 7 +6
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-19125 HIGH POC PATCH THREAT This Week

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prestashop
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
10.8%
CVE-2018-19130 MEDIUM POC This Month

In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19145 MEDIUM POC This Month

An issue was discovered in S-CMS v1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19137 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
6.1
EPSS
2.9%
CVE-2018-19136 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.7%
CVE-2018-19139 MEDIUM POC This Month

An issue has been found in JasPer 2.0.14. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jasper Fedora Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-19122 MEDIUM POC This Month

An issue has been found in libIEC61850 v1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD GitHub
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-19121 MEDIUM POC This Month

An issue has been found in libIEC61850 v1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD GitHub
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-15796 HIGH This Week

Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bits Service
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-1834 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1802 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1781 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1780 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1774 HIGH This Week

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Api Connect
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-19124 HIGH PATCH This Week

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Prestashop
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-19129 MEDIUM This Month

In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-19128 MEDIUM This Month

In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1857 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1684 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-19131 MEDIUM PATCH This Month

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Squid
NVD GitHub
CVSS 3.0
6.1
EPSS
3.3%
CVE-2018-14644 MEDIUM This Month

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recursor
NVD
CVSS 3.0
5.9
EPSS
4.8%
CVE-2018-19132 MEDIUM PATCH This Month

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Squid Debian Linux
NVD GitHub
CVSS 3.0
5.9
EPSS
6.1%
CVE-2018-1799 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1872 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-19133 MEDIUM PATCH This Month

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Flarum
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-1842 LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack Cognos Analytics Oncommand Insight
NVD
CVSS 3.0
3.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy