Skip to main content
CVE-2018-16621 HIGH POC PATCH This Week

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Code Injection Nexus Repository Manager
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2018-19291 MEDIUM POC This Month

An issue was discovered in DiliCMS 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dilicms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-19301 MEDIUM POC This Month

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teleport
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19289 MEDIUM POC PATCH This Month

An issue was discovered in Valine v1.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Valine
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-19287 MEDIUM POC PATCH This Month

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS PHP Ninja Forms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
8.9%
CVE-2018-19286 MEDIUM POC This Month

The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Curtain
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-8529 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Team Foundation Server
NVD
CVSS 3.0
9.8
EPSS
13.5%
CVE-2018-0694 CRITICAL PATCH Act Now

FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Filezen
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-0684 CRITICAL Act Now

Buffer overflow in Denbun by NEOJAPAN Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debun Imap Debun Pop
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-0683 CRITICAL Act Now

Buffer overflow in Denbun by NEOJAPAN Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debun Imap Debun Pop
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-0682 CRITICAL Act Now

Denbun by NEOJAPAN Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debun Imap Debun Pop
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-0681 CRITICAL Act Now

Denbun by NEOJAPAN Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Debun Imap Debun Pop
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-0680 CRITICAL Act Now

Denbun by NEOJAPAN Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Debun Imap Debun Pop
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-16162 HIGH This Week

OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opendolphin
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-16161 HIGH This Week

OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opendolphin
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-0701 HIGH This Week

BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Apple Bluestacks
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-0686 HIGH This Week

Denbun by NEOJAPAN Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Debun Imap Debun Pop
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-0685 HIGH This Week

SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Debun Pop
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-5407 MEDIUM POC PATCH This Month

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Ubuntu Linux Debian Linux Node Js OpenSSL +16
NVD GitHub Exploit-DB
CVSS 3.1
4.7
EPSS
3.4%
CVE-2018-0673 HIGH This Week

Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Garoon
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-16160 HIGH This Week

SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Securecore
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0692 HIGH This Week

Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spark Browser
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-16620 HIGH This Week

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-12543 HIGH This Week

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mosquitto
NVD
CVSS 3.0
7.5
EPSS
36.0%
CVE-2018-0700 HIGH This Week

YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yukiwiki
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-0693 HIGH PATCH This Week

Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Filezen
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-0690 HIGH This Week

An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Music Center For Pc
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-14934 MEDIUM This Month

The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trio 8500 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-16163 MEDIUM This Month

OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opendolphin
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-16619 MEDIUM This Month

Sonatype Nexus Repository Manager before 3.14 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14935 MEDIUM This Month

The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trio 8500 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1643 MEDIUM PATCH This Month

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-0699 MEDIUM This Month

Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yukiwiki
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0697 MEDIUM This Month

Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Metabase
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0695 MEDIUM This Month

Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usvn
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0687 MEDIUM This Month

Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Debun Imap Debun Pop
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-12480 MEDIUM This Month

Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19288 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-0691 MEDIUM PATCH This Month

Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Information Disclosure Apple Message
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-18954 MEDIUM PATCH This Month

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Qemu Ubuntu Linux Leap
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-0679 MEDIUM This Month

Cross-site scripting vulnerability in multiple FXC Inc. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fxc5210 Firmware Fxc5218 Firmware Fxc5224 Firmware Fxc5426F Firmware +6
NVD
CVSS 3.0
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy