Skip to main content
CVE-2018-7600 CRITICAL POC KEV PATCH THREAT Act Now

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Drupal Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2018-9031 CRITICAL POC Act Now

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sentry Vision
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-4841 CRITICAL Act Now

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Tim 1531 Irc Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2018-9123 MEDIUM POC This Month

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crea8Social
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-9122 MEDIUM POC This Month

In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crea8Social
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9121 MEDIUM POC This Month

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crea8Social
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9120 MEDIUM POC This Month

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crea8Social
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9116 CRITICAL Act Now

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wiremock
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2018-1191 HIGH This Week

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment Garden Runc Release
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-5224 HIGH This Week

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Bamboo
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-5223 HIGH PATCH This Week

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Fisheye Crucible
NVD
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-6588 MEDIUM PATCH This Month

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-6587 MEDIUM PATCH This Month

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-6586 MEDIUM PATCH This Month

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-9117 MEDIUM This Month

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wiremock
NVD
CVSS 3.0
5.3
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy