Skip to main content
CVE-2018-5988 CRITICAL POC THREAT Act Now

SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Flexible Poll
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
CVE-2018-5986 CRITICAL POC Act Now

SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Easycarscript
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2018-5985 CRITICAL POC THREAT Act Now

SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Livecrm Saas Cloud
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
CVE-2018-5984 CRITICAL POC Act Now

SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tumder
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-5979 CRITICAL POC THREAT Act Now

SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wchat
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
15.2%
CVE-2018-5978 CRITICAL POC Act Now

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zechat
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-5977 CRITICAL POC Act Now

SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Affiligator
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-5972 CRITICAL POC THREAT Act Now

SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Quickad
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.1%
CVE-2018-1000007 CRITICAL PATCH Act Now

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Debian Linux Ubuntu Linux Enterprise Linux Desktop +10
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2018-4834 CRITICAL Act Now

A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pxc12 22 36 E D Firmware Pxc00 50 100 200 E D Firmware Pxc00 64 128 U Firmware Pxc001 E D Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2018-5778 CRITICAL Act Now

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Whatsup Gold
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-5777 CRITICAL Act Now

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whatsup Gold
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-1000005 CRITICAL PATCH Act Now

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libcurl Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
9.1
EPSS
4.6%
CVE-2018-6018 CRITICAL Act Now

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Tinder
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2018-6017 CRITICAL Act Now

Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Tinder
NVD
CVSS 3.0
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy