Skip to main content
CVE-2018-5315 CRITICAL POC Act Now

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Wp Events Calendar
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-5262 CRITICAL POC THREAT Act Now

A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Diskboss
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
39.1%
CVE-2018-5347 CRITICAL POC THREAT Act Now

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Personal Cloud Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
54.2%
CVE-2018-5377 CRITICAL Act Now

Discuz!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Discuzx
NVD
CVSS 3.0
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy