Skip to main content
CVE-2018-9092 HIGH POC This Week

There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Minicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-7700 HIGH POC THREAT This Week

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE PHP Dedecms
NVD
CVSS 3.0
8.8
EPSS
74.8%
CVE-2018-8764 HIGH POC This Week

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Debian Linux Ldap Account Manager
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-7195 HIGH POC This Week

Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Osticket
NVD VulDB
CVSS 3.0
8.1
EPSS
1.0%
CVE-2018-8718 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jenkins Mailer
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
6.8%
CVE-2018-9054 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9053 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9052 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9051 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9050 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9049 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9048 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9047 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9046 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9045 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9044 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9043 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9042 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9041 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9040 HIGH POC This Week

In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9105 HIGH This Week

NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation RCE Apple Nordvpn
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-1231 HIGH This Week

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bosh Cli
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1267 HIGH This Week

Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Silk Release
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2018-1266 HIGH This Week

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Capi Release
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2018-6766 HIGH This Week

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Tvmediahelper
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-6765 HIGH This Week

Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Myswisscomassistant
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-1327 HIGH PATCH This Week

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
9.2%
CVE-2018-1238 HIGH This Week

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Command Injection Emc Scaleio
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1205 HIGH This Week

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Emc Scaleio
NVD
CVSS 3.0
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy