Skip to main content
CVE-2018-18861 CRITICAL POC Act Now

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Pcman Ftp Server
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-18439 CRITICAL POC Act Now

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow U Boot
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2018-19367 CRITICAL POC Act Now

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Portainer
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18864 CRITICAL POC Act Now

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apache Enterprise Va Max
NVD
CVSS 3.0
9.6
EPSS
2.6%
CVE-2018-18773 HIGH POC This Week

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Webpanel
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-18772 HIGH POC This Week

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Command Injection PHP Webpanel
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-18865 HIGH POC This Week

The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Royal Ts Royal Tsx
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
8.0%
CVE-2018-18859 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18858 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18857 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18856 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18440 HIGH POC This Week

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow U Boot
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-19396 HIGH POC This Week

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization PHP
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-19395 HIGH POC This Week

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service PHP
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-19376 MEDIUM POC This Month

An issue was discovered in GreenCMS v2.3.0603. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Greencms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-18774 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.8%
CVE-2018-16223 CRITICAL Act Now

Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qbeecam
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-18563 CRITICAL Act Now

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware +2
NVD
CVSS 3.0
9.6
EPSS
1.0%
CVE-2018-19390 MEDIUM POC This Month

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader
NVD GitHub
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-19389 MEDIUM POC This Month

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader
NVD GitHub
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-19388 MEDIUM POC This Month

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader
NVD GitHub
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-19335 MEDIUM POC PATCH This Month

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-19334 MEDIUM POC PATCH This Month

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-10099 MEDIUM POC PATCH This Month

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-18562 HIGH This Week

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-18561 HIGH This Week

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Firmware Base Unit Hub Firmware
NVD
CVSS 3.0
8.0
EPSS
0.7%
CVE-2018-1779 HIGH PATCH This Week

IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Api Connect
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-18564 HIGH This Week

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2018-18565 MEDIUM This Month

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware Coaguchek Xs Plus Firmware +1
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-16222 MEDIUM This Month

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Ismartalarm
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-18716 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-18715 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-17948 MEDIUM This Month

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-16224 MEDIUM This Month

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cubeone Firmware
NVD
CVSS 3.0
5.3
EPSS
6.6%
CVE-2018-12038 MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO devices. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Samsung 840 Evo Firmware
NVD
CVSS 3.0
4.2
EPSS
0.6%
CVE-2018-12037 MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and. Rated medium severity (CVSS 4.0).

Information Disclosure Samsung 840 Evo Firmware 850 Evo Firmware T3 Firmware +4
NVD
CVSS 3.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy