Skip to main content
CVE-2018-6398 CRITICAL POC Act Now

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Event Calendar
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6395 CRITICAL POC Act Now

SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Visual Calendar
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6406 HIGH POC This Week

The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libwebm
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-6397 HIGH POC THREAT This Week

Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Picture Calendar
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.9%
CVE-2018-6195 HIGH POC PATCH This Week

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection WordPress Prototype Pollution PHP Splashing Images
NVD
CVSS 3.1
7.2
EPSS
3.7%
CVE-2018-6405 MEDIUM POC This Month

In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2018-6355 MEDIUM POC This Month

/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ib Wrb302N Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-6376 CRITICAL Act Now

In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-6408 HIGH This Week

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cipcamptiwl Firmware Cipcamptiwl Web Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-6194 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP Splashing Images
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2018-5441 HIGH PATCH This Week

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Mguard Centerport Firmware Mguard Delta Tx Tx Firmware Mguard Delta Tx Tx Vpn Firmware Mguard Gt Gt Firmware +19
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6407 HIGH This Week

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cipcamptiwl Firmware Cipcamptiwl Web Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
32.3%
CVE-2018-6380 MEDIUM This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-6379 MEDIUM This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-6377 MEDIUM This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
57.5%
CVE-2018-6382 LOW Monitor

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Authentication Bypass PHP Mantisbt
NVD
CVSS 3.0
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy