Skip to main content
CVE-2018-19908 HIGH POC PATCH THREAT Act Now

An issue was discovered in MISP 2.4.9x before 2.4.99. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Command Injection PHP Misp
NVD GitHub Exploit-DB VulDB
CVSS 3.0
8.8
EPSS
17.2%
CVE-2018-19925 CRITICAL POC Act Now

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sales Company Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-19893 CRITICAL POC Act Now

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pbootcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-19923 HIGH POC This Week

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Sales Company Management System
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19660 HIGH POC THREAT This Week

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nport W2X50A Firmware
NVD
CVSS 3.0
8.8
EPSS
30.9%
CVE-2018-19659 HIGH POC This Week

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nport W2X50A Firmware
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-19907 HIGH POC This Week

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Crafter Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-19898 HIGH POC This Week

ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkcmf
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-16601 HIGH POC This Week

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service RCE Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
8.1
EPSS
4.2%
CVE-2018-16526 HIGH POC This Week

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
8.1
EPSS
4.5%
CVE-2018-16525 HIGH POC This Week

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
8.1
EPSS
4.5%
CVE-2018-16522 HIGH POC This Week

Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Amazon Web Services Freertos
NVD GitHub
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-6757 HIGH POC This Week

Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft RCE True Key
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-6756 HIGH POC This Week

Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft True Key
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-6755 HIGH POC This Week

Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE True Key
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-19911 HIGH POC This Week

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Command Injection Freeswitch
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-16523 HIGH POC This Week

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
7.4
EPSS
2.1%
CVE-2018-19897 HIGH POC This Week

ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkcmf
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-19896 HIGH POC This Week

ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkcmf
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-19895 HIGH POC This Week

ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkcmf
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-19894 HIGH POC This Week

ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkcmf
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-19926 MEDIUM POC This Month

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ip Stationweb Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19924 MEDIUM POC This Month

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sales Company Management System
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19922 MEDIUM POC This Month

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS C1000A Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16603 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16602 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16600 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16599 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16527 MEDIUM POC PATCH This Month

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16524 MEDIUM POC This Month

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-9556 CRITICAL PATCH Act Now

In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Privilege Escalation Buffer Overflow Google Android
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2018-19891 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19890 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19889 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19888 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19887 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19886 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-19882 MEDIUM POC This Month

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mupdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19881 MEDIUM POC This Month

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-19927 MEDIUM POC This Month

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ip Stationweb Firmware
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19919 MEDIUM POC This Month

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixelimity
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-19915 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
4.0%
CVE-2018-19914 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-19913 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
1.8%
CVE-2018-9555 HIGH PATCH This Week

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2018-19892 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
4.8
EPSS
1.5%
CVE-2018-16528 HIGH This Week

Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Amazon Web Services Freertos
NVD GitHub
CVSS 3.0
8.1
EPSS
3.3%
CVE-2018-9568 HIGH PATCH This Week

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Buffer Overflow Android Ubuntu Linux +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-9567 HIGH This Week

On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-9560 HIGH This Week

In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy