Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-0505 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | 6.5 | 1.92% | 2018-10-04 | 2026-06-16 |
| CVE-2018-0504 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | 6.5 | 2.80% | 2018-10-04 | 2026-06-16 |
| CVE-2018-0503 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | 4.3 | 1.52% | 2018-10-04 | 2026-06-16 |
| CVE-2013-7203 | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | 5.5 | 0.42% | 2018-09-21 | 2026-06-16 |
| CVE-2018-13259 | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | 9.8 | 2.72% | 2018-09-05 | 2026-06-16 |
| CVE-2018-0502 | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. | 9.8 | 2.49% | 2018-09-05 | 2026-06-16 |
| CVE-2011-2767 | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 | 8.95% | 2018-08-26 | 2026-06-16 |
| CVE-2018-0501 | The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | 5.9 | 0.95% | 2018-08-20 | 2026-06-16 |
| CVE-2018-0498 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack. | 4.7 | 0.37% | 2018-07-28 | 2026-06-16 |
| CVE-2018-0497 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169. | 5.9 | 2.67% | 2018-07-28 | 2026-06-16 |
| CVE-2014-4150 | The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | 5.5 | 0.46% | 2018-07-20 | 2026-06-16 |
| CVE-2018-0500 | Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). | 9.8 | 6.43% | 2018-07-11 | 2026-06-16 |
| CVE-2018-0499 | A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | 6.1 | 1.45% | 2018-07-02 | 2026-06-16 |
| CVE-2018-0495 | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 4.7 | 0.89% | 2018-06-13 | 2026-06-16 |
| CVE-2018-0496 | Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. | 7.5 | 2.45% | 2018-06-12 | 2026-06-16 |
| CVE-2018-0494 | GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | 6.5 | 17.04% | 2018-05-06 | 2026-06-16 |
| CVE-2017-0372 | Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 9.8 | 11.65% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0370 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | 5.3 | 1.43% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0369 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | 6.5 | 1.21% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0368 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | 5.3 | 1.52% | 2018-04-13 | 2026-06-16 |