Skip to main content
CVE-2018-19222 CRITICAL POC Act Now

An issue was discovered in LAOBANCMS 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-19221 CRITICAL POC Act Now

An issue was discovered in LAOBANCMS 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Laobancms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-19220 CRITICAL POC Act Now

An issue was discovered in LAOBANCMS 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Laobancms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-19207 CRITICAL POC THREAT Act Now

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Wp Gdpr Compliance
NVD
CVSS 3.0
9.8
EPSS
87.3%
CVE-2018-19196 CRITICAL POC Act Now

An issue was discovered in XiaoCms 20141229. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Xiaocms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-19185 CRITICAL POC Act Now

An issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-19225 HIGH POC This Week

An issue was discovered in LAOBANCMS 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Laobancms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19192 HIGH POC This Week

An issue was discovered in XiaoCms 20141229. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xiaocms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18920 HIGH POC PATCH This Week

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Py Evm
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-19216 HIGH POC PATCH This Week

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Use After Free Netwide Assembler Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-19215 HIGH POC This Week

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Netwide Assembler Enterprise Linux
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-19214 HIGH POC PATCH This Week

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Netwide Assembler Enterprise Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-19228 HIGH POC This Week

An issue was discovered in LAOBANCMS 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Laobancms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-19224 HIGH POC This Week

An issue was discovered in LAOBANCMS 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Laobancms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-19184 HIGH POC PATCH This Week

cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-19183 HIGH POC This Week

ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ethereumjs Vm
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-19219 MEDIUM POC This Month

In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libsass
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19218 MEDIUM POC This Month

In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsass
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-19217 MEDIUM POC This Month

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19212 MEDIUM POC This Month

In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libwebm
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-19210 MEDIUM POC This Month

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-19208 MEDIUM POC This Month

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libwpd Enterprise Linux Suse Linux Enterprise Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-19195 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xiaocms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19193 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xiaocms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19199 CRITICAL PATCH Act Now

An issue was discovered in uriparser before 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Uriparser Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-19198 CRITICAL PATCH Act Now

An issue was discovered in uriparser before 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Uriparser Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-19213 MEDIUM POC This Month

Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-19211 MEDIUM POC This Month

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19229 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19227 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19226 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Laobancms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-19194 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Xiaocms
NVD GitHub
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-19197 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Xiaocms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.4%
CVE-2018-19223 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19204 HIGH This Week

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Prtg Network Monitor
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-1884 HIGH This Week

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Case Manager
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-19205 HIGH This Week

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Webmail
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-19203 HIGH This Week

PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prtg Network Monitor
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-1786 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Spectrum Protect Tivoli Storage Manager Spectrum Protect Manager For Virtual Environments Data Protection For Vmware +3
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-19200 HIGH PATCH This Week

An issue was discovered in uriparser before 0.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Uriparser Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-19206 MEDIUM This Month

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmail Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
60.2%
CVE-2018-1798 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-19209 MEDIUM PATCH This Month

Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy