Skip to main content
CVE-2018-20572 CRITICAL POC Act Now

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20577 CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
9.1
EPSS
0.6%
CVE-2018-18696 HIGH POC This Week

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Microstrategy
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-20549 HIGH POC This Week

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20548 HIGH POC This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20545 HIGH POC PATCH This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-20542 HIGH POC PATCH This Week

There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libxsmm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-20541 HIGH POC PATCH This Week

There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libxsmm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-1000888 HIGH POC PATCH THREAT This Week

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Pear Archive Tar Ubuntu Linux +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
19.2%
CVE-2018-20547 HIGH POC This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2018-20546 HIGH POC PATCH This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca Ubuntu Linux Fedora +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-15007 HIGH POC This Week

The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Command Injection Sky Elite 6 0L Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-20553 HIGH POC PATCH This Week

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-20552 HIGH POC PATCH This Week

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-14984 HIGH POC This Week

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Z5C Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-20578 HIGH POC This Week

An issue was discovered in NuttX before 7.27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nuttx
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-20575 HIGH POC This Week

Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-18667 HIGH POC This Week

The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pylontoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18666 HIGH POC This Week

The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Swftcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18665 HIGH POC This Week

The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Nexxustoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000890 HIGH POC This Week

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Frontaccounting
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-15005 HIGH POC This Week

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Zte Zte Zmax Champ Firmware
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2018-14985 HIGH POC This Week

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Z5C Firmware
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-14998 MEDIUM POC This Month

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Command Injection P1 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-20574 MEDIUM POC This Month

The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-20573 MEDIUM POC This Month

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-20570 MEDIUM POC This Month

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jasper Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20551 MEDIUM POC PATCH This Month

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Poppler Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-20544 MEDIUM POC This Month

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libcaca Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-20543 MEDIUM POC This Month

There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libxsmm
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-20540 MEDIUM POC This Month

There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Liblas
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-20539 MEDIUM POC This Month

There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Liblas
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-20537 MEDIUM POC This Month

There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Liblas
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20536 MEDIUM POC This Month

There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Liblas
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-20534 MEDIUM POC PATCH This Month

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Libsolv Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-20533 MEDIUM POC PATCH This Month

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libsolv Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20532 MEDIUM POC PATCH This Month

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libsolv Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-15004 MEDIUM POC This Month

The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Qualcomm Canvas Firmware
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-5204 CRITICAL Act Now

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Ml Report
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-5203 CRITICAL Act Now

DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dextuploadx5
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-20569 CRITICAL Act Now

user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass PHP Generic Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20568 CRITICAL PATCH Act Now

Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Authentication Bypass PHP Generic Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-1000631 CRITICAL Act Now

Battelle V2I Hub 3.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000628 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-1000627 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-1000626 CRITICAL Act Now

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-1000625 CRITICAL Act Now

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass V2I Hub
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-15006 MEDIUM POC This Month

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Zte Zte Zmax Champ Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15001 MEDIUM POC This Month

The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure V7 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14992 MEDIUM POC This Month

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Zenfone 3 Max Firmware
NVD
CVSS 3.0
5.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy