Skip to main content
CVE-2018-7538 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Tuleap
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-8065 HIGH POC THREAT This Week

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Syncbreeze
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
76.5%
CVE-2018-5758 MEDIUM POC This Month

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Jive N
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-7749 CRITICAL PATCH Act Now

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8070 MEDIUM POC This Month

QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-8069 MEDIUM POC This Month

QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-6623 HIGH This Week

An issue was discovered in Hola 1.79.859. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Vpn
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-8058 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-7893 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-6400 HIGH This Week

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Wps Office Free
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2018-6322 HIGH This Week

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Panda Global Protection
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6321 HIGH This Week

Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Panda Global Protection
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6183 HIGH This Week

BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Total Security
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6016 HIGH This Week

Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Network Monitor
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1206 HIGH This Week

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Protection Advisor
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-7562 HIGH This Week

A remote code execution issue was discovered in GLPI through 9.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE PHP Glpi
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1323 HIGH This Week

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal Tomcat Jk Connector
NVD
CVSS 3.0
7.5
EPSS
44.2%
CVE-2018-7563 MEDIUM This Month

An issue was discovered in GLPI through 9.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Glpi
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-7858 MEDIUM PATCH This Month

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Qemu Leap +7
NVD
CVSS 3.1
5.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy