Skip to main content
CVE-2018-6000 CRITICAL POC THREAT Emergency

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Asuswrt
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
84.2%
CVE-2018-5999 CRITICAL POC THREAT Emergency

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Asuswrt
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
87.2%
CVE-2018-1042 MEDIUM POC PATCH THREAT This Month

Moodle 3.x has Server Side Request Forgery in the filepicker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Moodle
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
15.6%
CVE-2018-6002 MEDIUM POC This Month

The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Soundy Background Music
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6001 MEDIUM POC This Month

The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Soundy Audio Playlist
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-5962 MEDIUM POC This Month

index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-5961 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-0862 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
18.6%
CVE-2018-0849 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
18.6%
CVE-2018-0848 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
20.5%
CVE-2018-6009 HIGH PATCH This Week

In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Yiiframework
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-5960 HIGH This Week

Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Zenario
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-5761 HIGH This Week

A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware Cdm
NVD GitHub
CVSS 3.0
8.1
EPSS
0.5%
CVE-2018-5968 HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind Debian Linux Openshift Container Platform +6
NVD GitHub
CVSS 3.1
8.1
EPSS
7.0%
CVE-2018-0845 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
7.8
EPSS
19.7%
CVE-2018-6010 HIGH PATCH This Week

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Yiiframework
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-6003 HIGH PATCH This Week

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libtasn1 Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-1043 MEDIUM PATCH This Month

In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1045 MEDIUM PATCH This Month

In Moodle 3.x, there is XSS via a calendar event name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Moodle
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1044 MEDIUM PATCH This Month

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-1000003 LOW Monitor

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recursor
NVD
CVSS 3.0
3.7
EPSS
1.3%
CVE-2018-1000002 LOW Monitor

Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Knot Resolver
NVD
CVSS 3.1
3.7
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy