2018 CVEs

17817 CVEs published in 2018. 2229 critical, 7232 high.

Top CVEs published in 2018
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2018-21268 | Critical | 10.0 | 2020-06-25 | The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.ex… |
| CVE-2018-4031 | Critical | 10.0 | 2019-10-31 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function… |
| CVE-2018-4310 | Critical | 10.0 | 2019-04-03 | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
| CVE-2018-18815 | Critical | 10.0 | 2019-03-07 | The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for Active… |
| CVE-2018-3991 | Critical | 10.0 | 2019-02-05 | An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafte… |
| CVE-2018-18505 | Critical | 10.0 | 2019-02-05 | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server pa… |
| CVE-2018-5560 | Critical | 10.0 | 2019-01-31 | A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows… |
| CVE-2018-14721 | Critical | 10.0 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block t… |
| CVE-2018-1000838 | Critical | 10.0 | 2018-12-20 | autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, deni… |
| CVE-2018-1000837 | Critical | 10.0 | 2018-12-20 | UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data… |
| CVE-2018-1000835 | Critical | 10.0 | 2018-12-20 | KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, d… |
| CVE-2018-1000831 | Critical | 10.0 | 2018-12-20 | K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denia… |
| CVE-2018-1000830 | Critical | 10.0 | 2018-12-20 | XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of… |
| CVE-2018-1000825 | Critical | 10.0 | 2018-12-20 | FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidenti… |
| CVE-2018-1000823 | Critical | 10.0 | 2018-12-20 | exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data… |
| CVE-2018-1000822 | Critical | 10.0 | 2018-12-20 | codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confiden… |
| CVE-2018-1000821 | Critical | 10.0 | 2018-12-20 | MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confide… |
| CVE-2018-1000820 | Critical | 10.0 | 2018-12-20 | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosur… |
| CVE-2018-13816 | Critical | 10.0 | 2018-12-12 | A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. S… |
| CVE-2018-18843 | Critical | 10.0 | 2018-12-04 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. |