Skip to main content
CVE-2018-5749 CRITICAL POC Act Now

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Premium Minecraft Servers List Minecraft Servers List Lite
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-5359 HIGH POC This Week

The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Sysgauge
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
9.0%
CVE-2018-6029 HIGH POC This Week

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Nonecms
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6022 MEDIUM POC This Month

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP Nonecms
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6014 MEDIUM POC This Month

Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Subsonic
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-5950 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mailman Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
6.1
EPSS
4.6%
CVE-2018-5683 MEDIUM POC PATCH This Month

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Qemu Debian Linux +7
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2018-6013 MEDIUM POC This Month

Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bigtree Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1000014 HIGH PATCH This Week

Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Translation Assistance
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-1000013 HIGH PATCH This Week

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Release
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000012 HIGH PATCH This Week

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Warnings
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000011 HIGH This Week

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Findbugs
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000010 HIGH PATCH This Week

Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Dry
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000009 HIGH PATCH This Week

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Checkstyle
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000008 HIGH PATCH This Week

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Pmd
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1000015 MEDIUM PATCH This Month

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pipeline Nodes And Processes
NVD
CVSS 3.0
4.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy