Skip to main content
CVE-2018-19646 CRITICAL POC Act Now

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Securesphere
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-19370 MEDIUM POC This Month

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure PHP Yoast Seo
NVD GitHub
CVSS 3.0
6.6
EPSS
3.2%
CVE-2018-14629 MEDIUM POC PATCH This Month

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
5.2%
CVE-2018-19621 MEDIUM POC This Month

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Showdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-18203 MEDIUM POC This Month

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack RCE Starlink 2017 Firmware Starlink 2018 Firmware Starlink 2019 Firmware
NVD GitHub
CVSS 3.0
6.4
EPSS
0.2%
CVE-2018-19630 MEDIUM POC This Month

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lede Openwrt
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17156 MEDIUM POC This Month

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Freebsd
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-17930 CRITICAL Act Now

A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Sherlock
NVD
CVSS 3.1
9.8
EPSS
7.3%
CVE-2018-15441 CRITICAL Act Now

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Cisco Prime License Manager
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-14749 CRITICAL Act Now

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qts
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-14746 CRITICAL Act Now

Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qts
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-5559 MEDIUM POC This Month

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Komand
NVD
CVSS 3.0
4.9
EPSS
0.6%
CVE-2018-19620 MEDIUM POC PATCH This Month

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-12120 HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Node.js Node Js
NVD
CVSS 3.1
8.1
EPSS
4.3%
CVE-2018-5918 HIGH This Week

Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +27
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5917 HIGH This Week

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Msm8996au Firmware Sd 425 Firmware Sd 430 Firmware +11
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-5912 HIGH This Week

Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Msm8996au Firmware Sd 450 Firmware Sd 625 Firmware +6
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5877 HIGH This Week

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9640 Firmware +13
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5870 HIGH This Week

While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sda660 Firmware Sdx24 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11996 HIGH This Week

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +13
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11994 HIGH This Week

SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +17
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11921 HIGH This Week

Failure condition is not handled properly and the correct error code is not returned. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +26
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11264 HIGH This Week

Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +16
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-12122 HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node.js Node Js Suse Enterprise Storage Suse Linux Enterprise Server +1
NVD
CVSS 3.1
7.5
EPSS
41.3%
CVE-2018-12121 HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node.js Node Js Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
7.5
EPSS
10.2%
CVE-2018-12116 HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Node Js Suse Enterprise Storage Suse Linux Enterprise Server +1
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2018-14748 HIGH This Week

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qts
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14747 HIGH This Week

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qts
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-19651 MEDIUM This Month

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Email Marketer
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-5916 MEDIUM This Month

Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware +33
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-16851 MEDIUM PATCH This Month

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-16841 MEDIUM PATCH This Month

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Samba Ubuntu Linux +1
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2018-16857 MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-16853 MEDIUM This Month

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Samba
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-1584 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-16852 MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba
NVD
CVSS 3.0
4.4
EPSS
2.2%
CVE-2018-12123 MEDIUM PATCH This Month

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Node.js Node Js
NVD
CVSS 3.1
4.3
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy