Skip to main content
CVE-2018-19225 HIGH POC This Week

An issue was discovered in LAOBANCMS 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Laobancms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19192 HIGH POC This Week

An issue was discovered in XiaoCms 20141229. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xiaocms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18920 HIGH POC PATCH This Week

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Py Evm
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-19216 HIGH POC PATCH This Week

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Use After Free Netwide Assembler Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-19215 HIGH POC This Week

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Netwide Assembler Enterprise Linux
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-19214 HIGH POC PATCH This Week

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Netwide Assembler Enterprise Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-19228 HIGH POC This Week

An issue was discovered in LAOBANCMS 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Laobancms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-19224 HIGH POC This Week

An issue was discovered in LAOBANCMS 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Laobancms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-19184 HIGH POC PATCH This Week

cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-19183 HIGH POC This Week

ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ethereumjs Vm
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-19204 HIGH This Week

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Prtg Network Monitor
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-1884 HIGH This Week

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Case Manager
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-19205 HIGH This Week

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Webmail
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-19203 HIGH This Week

PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prtg Network Monitor
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-1786 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Spectrum Protect Tivoli Storage Manager Spectrum Protect Manager For Virtual Environments Data Protection For Vmware +3
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-19200 HIGH PATCH This Week

An issue was discovered in uriparser before 0.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Uriparser Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy