Skip to main content
CVE-2018-5285 HIGH POC This Week

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Imageinject
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-5282 HIGH POC This Week

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft Buffer Overflow Xperience
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-5279 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-5277 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5276 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5275 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5274 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5273 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5272 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5271 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-5270 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-5283 HIGH POC This Week

The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Apple Photos In Wifi
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-5291 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5290 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5289 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5287 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5266 HIGH POC This Week

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sea Tel 121 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5259 HIGH This Week

Discuz!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Discuzx
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5298 HIGH This Week

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Oral B App
NVD
CVSS 3.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy