LiveActive security incident?Get immediate response
CVE archive

October 2018

Browse CVE records published in October 2018, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1499 matching CVEs · Page 1 of 30.

Critical · CVSS 9.3

CVE-2018-25117: VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.

Published Oct 15, 2025 · Updated Jun 23, 2026

Critical · CVSS 9.3

CVE-2018-25120: D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.

Published Oct 29, 2025 · Updated May 14, 2026

Medium · CVSS 4.3

CVE-2018-16840: A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to clo...

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Published Oct 31, 2018 · Updated Apr 16, 2026

Critical · CVSS 9.8

CVE-2018-25105: File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.

Published Oct 16, 2024 · Updated Apr 8, 2026

Critical · CVSS 10

CVE-2018-25118: GeoVision Command Injection RCE via /PictureCatch.cgi

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.

Published Oct 20, 2025 · Updated Apr 7, 2026

Medium · CVSS 5.1

CVE-2018-25119: Nagios Fusion < 4.1.5 XSS via fusionwindow Parameter

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Published Oct 30, 2025 · Updated Nov 17, 2025

High · CVSS 8.5

CVE-2018-25123: Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component

Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gain elevated privileges.

Published Oct 30, 2025 · Updated Nov 17, 2025

High · CVSS 8.7

CVE-2018-25122: Nagios XI < 5.4.13 Component Download Page RCE

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inject commands or otherwise execute arbitrary code with the privileges of the application service.

Published Oct 30, 2025 · Updated Nov 17, 2025

Medium · CVSS 5.1

CVE-2018-25121: Nagios XI < 5.4.13 XSS via Views Page

Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Published Oct 30, 2025 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2018-8453: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handl...

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Published Oct 10, 2018 · Updated Oct 21, 2025

Critical · CVSS 9.8 · CISA KEV

CVE-2018-14558: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with f...

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.

Published Oct 30, 2018 · Updated Oct 21, 2025

High · CVSS 8 · CISA KEV

CVE-2018-19943: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Published Oct 28, 2020 · Updated Oct 21, 2025

Critical · CVSS 9.8 · CISA KEV

CVE-2018-19949: If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Published Oct 28, 2020 · Updated Oct 21, 2025

Medium · CVSS 6.1 · CISA KEV

CVE-2018-19953: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Published Oct 28, 2020 · Updated Oct 21, 2025

Unknown · CVSS Not scored

CVE-2018-18307: A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image...

A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."

Published Oct 16, 2018 · Updated Aug 29, 2025

High · CVSS 7.8

CVE-2018-15687: systemd: chown_one() can dereference symlinks

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Published Oct 26, 2018 · Updated Jun 9, 2025

Unknown · CVSS Not scored

CVE-2018-0197: Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0414: Cisco Secure Access Control Server XML External Entity Injection Vulnerability

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0421: Cisco Prime Access Registrar Denial of Service Vulnerability

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0422: A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authent...

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0423: Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0424: Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0425: Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0426: Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.

Published Oct 5, 2018 · Updated Nov 26, 2024

Unknown · CVSS Not scored

CVE-2018-0430: Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.

Published Oct 5, 2018 · Updated Nov 26, 2024