Skip to main content
CVE-2018-7319 CRITICAL POC Act Now

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Os Property Real Estate
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-7318 CRITICAL POC Act Now

SQL Injection exists in the CheckList 1.1.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Checklist Data Integrator
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
8.7%
CVE-2018-7316 CRITICAL POC Act Now

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Proclaim
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-7315 CRITICAL POC Act Now

SQL Injection exists in the Ek Rishta 2.9 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ek Rishta
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7314 CRITICAL POC THREAT Act Now

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Prayercenter
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
58.4%
CVE-2018-7312 CRITICAL POC Act Now

SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Alexandria Book Library
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7300 CRITICAL POC THREAT Act Now

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Homematic Ccu2 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
30.8%
CVE-2018-7297 CRITICAL POC THREAT Act Now

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
64.8%
CVE-2018-7313 CRITICAL POC THREAT Act Now

SQL Injection exists in the CW Tags 2.0.6 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cw Tags
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.5%
CVE-2018-7317 HIGH POC This Week

Backup Download exists in the Proclaim 9.1.1 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Proclaim
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.1%
CVE-2018-7284 HIGH POC PATCH THREAT This Week

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Asterisk Certified Asterisk Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
58.3%
CVE-2018-7286 MEDIUM POC THREAT This Month

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
38.9%
CVE-2018-6489 CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Project And Portfolio Management Center
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-6488 CRITICAL Act Now

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Ucmdb Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-7301 CRITICAL Act Now

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7409 CRITICAL Act Now

In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Unixodbc
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0130 CRITICAL Act Now

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cisco Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-0124 CRITICAL Act Now

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-0121 CRITICAL Act Now

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Cisco Elastic Services Controller Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-6890 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wolf Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-1414 HIGH PATCH This Week

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-0148 HIGH This Week

A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Ucs Director
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-0139 HIGH This Week

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Customer Voice Portal
NVD
CVSS 3.1
8.6
EPSS
2.3%
CVE-2018-7298 HIGH This Week

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-1417 HIGH This Week

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java IBM Information Disclosure Java Sdk
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-7299 HIGH This Week

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
8.0
EPSS
1.1%
CVE-2018-7408 HIGH PATCH This Week

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Node.js npm
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0015 HIGH This Week

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Juniper Appformix
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-7285 HIGH PATCH This Week

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Asterisk
NVD
CVSS 3.0
7.5
EPSS
5.1%
CVE-2018-0204 HIGH This Week

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-1391 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Financial Transaction Manager
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-0206 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0205 MEDIUM This Month

A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0200 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Service Catalog
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0199 MEDIUM This Month

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Cisco Jabber
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2018-0145 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Analytics Framework
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7287 MEDIUM This Month

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Asterisk
NVD
CVSS 3.0
5.9
EPSS
11.7%
CVE-2018-1415 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0201 MEDIUM This Month

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Jabber
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-0146 MEDIUM This Month

A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Data Center Analytics Framework
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7296 MEDIUM This Month

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-0203 MEDIUM This Month

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unity Connection
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-1392 LOW PATCH Monitor

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
3.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy