Skip to main content
CVE-2018-15715 CRITICAL POC Act Now

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Zoom
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-7811 CRITICAL POC Act Now

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-7809 CRITICAL POC Act Now

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-19290 CRITICAL POC Act Now

In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Command Injection Budabot
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-15716 HIGH POC THREAT This Week

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nvrmini2 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.5%
CVE-2018-7831 HIGH POC This Week

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15767 HIGH POC THREAT This Week

The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dell Openmanage Network Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
12.3%
CVE-2018-19760 HIGH POC This Week

cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libconfuse
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-19762 HIGH POC This Week

There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Libsixel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-18860 HIGH POC This Week

A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Switchvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7830 HIGH POC This Week

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-16476 HIGH POC PATCH This Week

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rails Cloudforms
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-15835 HIGH POC This Week

Android 1.0 through 9.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-3948 HIGH POC THREAT This Week

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl R600Vpn Firmware
NVD
CVSS 3.1
7.5
EPSS
23.1%
CVE-2018-19757 MEDIUM POC This Month

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libsixel
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-16477 MEDIUM POC PATCH This Month

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Rails
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-15768 MEDIUM POC This Month

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Openmanage Network Manager
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.1%
CVE-2018-19758 MEDIUM POC This Month

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsndfile Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-7810 MEDIUM POC This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19763 MEDIUM POC This Month

There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19761 MEDIUM POC This Month

There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19759 MEDIUM POC This Month

There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19756 MEDIUM POC This Month

There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libsixel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-19777 MEDIUM POC This Month

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-19755 MEDIUM POC This Month

There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-7807 HIGH This Week

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Struxureware Data Center Expert
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-7806 HIGH This Week

Data Center Operation allows for the upload of a zip file from its user interface to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Struxureware Data Center Operation
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-18987 HIGH This Week

VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Vt Designer
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-18983 HIGH This Week

VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Vt Designer
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-1927 HIGH This Week

IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Storediq
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-14637 HIGH PATCH This Week

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Keycloak
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-1897 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

IBM Buffer Overflow Microsoft RCE Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-9072 MEDIUM PATCH This Month

In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Xclarity Integrator
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-16097 MEDIUM PATCH This Month

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft VMware Xclarity Integrator
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-16093 MEDIUM PATCH This Month

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload VMware Xclarity Integrator
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-0716 MEDIUM This Month

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qts
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1928 MEDIUM This Month

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storediq
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy