Skip to main content
CVE-2018-20148 CRITICAL POC THREAT Act Now

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Debian Linux
NVD
CVSS 3.0
9.8
EPSS
30.9%
CVE-2018-18006 CRITICAL POC THREAT Act Now

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Microsoft Myprint
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2018-19007 CRITICAL Act Now

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection G Cam Efd 2251 Firmware G Cam Ewpc 2275 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-16874 HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal Go Backports Sle Leap +2
NVD
CVSS 3.1
8.1
EPSS
5.0%
CVE-2018-16873 HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Go Backports Sle Leap Linux Enterprise Server +1
NVD
CVSS 3.1
8.1
EPSS
66.3%
CVE-2018-3704 HIGH This Week

Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Parallel Studio Parallel Studio Xe
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18097 HIGH This Week

Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Solid State Drive Toolbox
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18093 HIGH This Week

Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Vtune Amplifier
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-20151 HIGH This Week

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Debian Linux
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-19003 HIGH This Week

GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ex2100E Firmware Ls2100E Firmware Mark Vle Firmware
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-16875 HIGH PATCH This Week

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Leap
NVD
CVSS 3.0
7.5
EPSS
6.3%
CVE-2018-20156 HIGH This Week

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE PHP Wp Maintenance Mode
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-6707 HIGH This Week

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Denial Of Service RCE Agent
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-20152 MEDIUM This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Debian Linux
NVD
CVSS 3.0
6.5
EPSS
4.2%
CVE-2018-20147 MEDIUM This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-1977 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft IBM Denial Of Service Db2
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-20150 MEDIUM PATCH This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
5.1%
CVE-2018-1848 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager Websphere
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-3705 MEDIUM This Month

Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service System Defense Utility
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-18096 MEDIUM This Month

Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Quickassist Technology For Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-12206 MEDIUM This Month

Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Quickassist Technology For Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-20153 MEDIUM This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Debian Linux
NVD
CVSS 3.0
5.4
EPSS
2.5%
CVE-2018-20149 MEDIUM PATCH This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Apache Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
3.4%
CVE-2018-18984 MEDIUM This Month

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Carelink 2090 Programmer Firmware Carelink 9790 Programmer Firmware 29901 Encore Programmer Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2018-20155 MEDIUM This Month

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Maintenance Mode
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-20154 MEDIUM This Month

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wp Maintenance Mode
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-19413 MEDIUM PATCH This Month

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonarqube
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-14623 MEDIUM This Month

A SQL injection flaw was found in katello's errata-related API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Katello
NVD
CVSS 3.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy