Skip to main content
CVE-2018-11742 CRITICAL POC THREAT Act Now

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Univerge Sv9100 Webpro Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
14.3%
CVE-2018-11741 CRITICAL POC THREAT Act Now

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Univerge Sv9100 Webpro Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
17.9%
CVE-2018-20480 CRITICAL POC Act Now

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20479 CRITICAL POC Act Now

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20477 CRITICAL POC Act Now

An issue was discovered in S-CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-19616 HIGH POC THREAT This Week

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Rockwell Powermonitor 1000 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
30.3%
CVE-2018-18536 HIGH POC This Week

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aura Sync Firmware
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18535 HIGH POC This Week

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Aura Sync Firmware
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-20483 HIGH POC This Week

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wget
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-20404 HIGH POC This Week

ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epia E900 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17987 HIGH POC This Week

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hashheroes
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-20478 HIGH POC This Week

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP S Cms
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-20502 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20481 MEDIUM POC PATCH This Month

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Poppler Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.4%
CVE-2018-20467 MEDIUM POC PATCH This Month

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-19799 MEDIUM POC This Month

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.5%
CVE-2018-19615 MEDIUM POC This Month

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Rockwell Powermonitor 1000 Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.3%
CVE-2018-20486 MEDIUM POC This Month

MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20476 MEDIUM POC This Month

An issue was discovered in S-CMS 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19873 CRITICAL PATCH Act Now

An issue was discovered in Qt before 5.11.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qt Backports Leap Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-18537 MEDIUM POC This Month

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aura Sync Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-19870 HIGH PATCH This Week

An issue was discovered in Qt before 5.11.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-19182 HIGH PATCH This Week

Engelsystem before commit hash 2e28336 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Engelsystem
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15518 HIGH PATCH This Week

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-20482 MEDIUM POC PATCH This Month

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c). Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Tar Debian Linux Leap
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2018-17957 HIGH This Week

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Repository Mirroring Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-19871 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qt Leap
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19869 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20485 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-20484 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-0724 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Q Center Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0723 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Q Center Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-20217 MEDIUM PATCH This Month

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Kerberos Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy