Skip to main content
CVE-2018-18556 CRITICAL POC THREAT Emergency

A privilege escalation issue was discovered in VyOS 1.1.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vyos
NVD
CVSS 3.1
9.9
EPSS
15.4%
CVE-2018-18555 CRITICAL POC Act Now

A sandbox escape issue was discovered in VyOS 1.1.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vyos
NVD
CVSS 3.0
9.9
EPSS
1.8%
CVE-2018-20133 CRITICAL POC Act Now

ymlref allows code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Ymlref
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-20027 CRITICAL POC Act Now

The yaml_parse.load method in Pylearn2 allows code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Pylearn2
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-18249 CRITICAL POC Act Now

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Icinga Web 2
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20188 HIGH POC This Week

FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fuel Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20167 HIGH POC PATCH This Week

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Terminology
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-7812 HIGH POC This Week

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-18250 HIGH POC This Week

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga Web 2
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-20190 MEDIUM POC This Month

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-20189 MEDIUM POC PATCH This Month

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-20186 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-20184 MEDIUM POC PATCH This Month

In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-19936 MEDIUM POC This Month

PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Printeron
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-18246 MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Icinga Web 2
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-14856 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14855 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14854 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14852 MEDIUM POC This Month

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
1.0%
CVE-2018-19933 MEDIUM POC PATCH This Month

Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt Cms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-19828 MEDIUM POC This Month

Artica Integria IMS 5.0.83 has XSS via the search_string parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Integria Ims
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-20172 MEDIUM POC This Month

An issue was discovered in Nagios XI before 5.5.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-20171 MEDIUM POC This Month

An issue was discovered in Nagios XI before 5.5.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-19822 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19821 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19820 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19819 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19818 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19817 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19816 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19815 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19814 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19813 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19812 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19811 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19810 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19809 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19775 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19774 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19773 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19772 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19771 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19770 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19769 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19768 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19767 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19766 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19765 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19649 MEDIUM POC This Month

XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-18248 MEDIUM POC This Month

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
CVSS 3.0
6.1
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy