Skip to main content
CVE-2018-18696 HIGH POC This Week

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Microstrategy
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-20549 HIGH POC This Week

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20548 HIGH POC This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20545 HIGH POC PATCH This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-20542 HIGH POC PATCH This Week

There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libxsmm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-20541 HIGH POC PATCH This Week

There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libxsmm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-1000888 HIGH POC PATCH THREAT This Week

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Pear Archive Tar Ubuntu Linux +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
19.2%
CVE-2018-20547 HIGH POC This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2018-20546 HIGH POC PATCH This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca Ubuntu Linux Fedora +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-15007 HIGH POC This Week

The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Command Injection Sky Elite 6 0L Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-20553 HIGH POC PATCH This Week

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-20552 HIGH POC PATCH This Week

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-14984 HIGH POC This Week

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Z5C Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-20578 HIGH POC This Week

An issue was discovered in NuttX before 7.27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nuttx
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-20575 HIGH POC This Week

Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-18667 HIGH POC This Week

The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pylontoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18666 HIGH POC This Week

The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Swftcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18665 HIGH POC This Week

The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Nexxustoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000890 HIGH POC This Week

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Frontaccounting
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-15005 HIGH POC This Week

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Zte Zte Zmax Champ Firmware
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2018-14985 HIGH POC This Week

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Z5C Firmware
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-1000889 HIGH PATCH This Week

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Logisim Evolution
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-14988 HIGH This Week

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mxq Tv Box Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-14986 HIGH This Week

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Z5C Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-20571 HIGH This Week

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-17539 HIGH This Week

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Ocnos Zebos
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1000624 HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service PHP V2I Hub
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1000630 HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP V2I Hub
NVD
CVSS 3.0
7.2
EPSS
1.9%
CVE-2018-14987 HIGH This Week

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Mxq Tv Box Firmware
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-20579 HIGH This Week

{' or '[' character. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy