Skip to main content
CVE-2018-6024 CRITICAL POC Act Now

SQL Injection exists in the Project Log 1.5.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Project Log
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7211 HIGH POC This Week

An issue was discovered in iDashboards 9.6b. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Idashboards
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-7216 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bravo Solution
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
2.9%
CVE-2018-7210 HIGH POC This Week

An issue was discovered in iDashboards 9.6b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Idashboards
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-7209 HIGH POC This Week

An issue was discovered in iDashboards 9.6b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Idashboards
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-7198 MEDIUM POC PATCH This Month

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS October
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-7197 MEDIUM POC This Month

An issue was discovered in Pluck through 4.7.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pluck
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-7217 HIGH This Week

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Bravo Solution
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-7206 HIGH PATCH This Week

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure Oauthenticator
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-7208 HIGH This Week

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2018-7212 MEDIUM PATCH This Month

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Sinatra
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy