Skip to main content
CVE-2018-17480 HIGH POC KEV THREAT This Week

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Deserialization Google Memory Corruption +5
NVD
CVSS 3.1
8.8
EPSS
34.3%
CVE-2018-20057 HIGH POC This Week

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 619l Firmware Dir 605l Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.4%
CVE-2018-20064 HIGH POC This Week

doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Doorgets
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-19969 HIGH PATCH This Week

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Phpmyadmin
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-18359 HIGH This Week

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18356 HIGH This Week

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Chrome Debian Linux +8
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-18354 HIGH This Week

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18347 HIGH This Week

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18343 HIGH This Week

Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18342 HIGH This Week

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Deserialization Google Memory Corruption +5
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-18341 HIGH This Week

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-18340 HIGH This Week

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18339 HIGH This Week

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18338 HIGH This Week

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18337 HIGH This Week

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-18336 HIGH This Week

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-18335 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome Enterprise Linux Desktop +4
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-17481 HIGH This Week

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-2494 HIGH This Week

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Application Software Integrated Solution
NVD
CVSS 3.0
8.0
EPSS
0.8%
CVE-2018-20061 HIGH This Week

A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Python Erpnext
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20058 HIGH This Week

In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Evernote
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-2503 HIGH This Week

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2018-2492 HIGH This Week

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy