Skip to main content
CVE-2018-9309 CRITICAL POC Act Now

An issue was discovered in zzcms 8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-9233 HIGH POC This Week

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Endpoint Protection
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-9328 MEDIUM POC This Month

PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Redbus Clone Script
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-9244 MEDIUM POC This Month

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-9243 MEDIUM POC This Month

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-4863 MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-7035 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gleez Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1282 CRITICAL PATCH Act Now

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache Hive
NVD
CVSS 3.0
9.1
EPSS
5.5%
CVE-2018-1000153 HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java CSRF Jenkins Denial Of Service Vsphere
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-1000146 HIGH PATCH This Week

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Liquibase Runner
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-3624 HIGH This Week

Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Intel RCE Buffer Overflow 2G Modem Firmware
NVD
CVSS 3.0
8.3
EPSS
1.3%
CVE-2018-1000142 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github Pull Request Builder
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1000143 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github Pull Request Builder
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-1096 MEDIUM This Month

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Foreman Satellite
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1000148 MEDIUM This Month

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Copy To Slave
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000147 MEDIUM This Month

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Perforce
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000145 MEDIUM This Month

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Perforce
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1000152 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Denial Of Service Vsphere
NVD
CVSS 3.0
6.3
EPSS
0.7%
CVE-2018-1000154 MEDIUM This Month

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Zammad
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-1000144 MEDIUM PATCH This Month

A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Cucumber Living Documentation
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000151 MEDIUM PATCH This Month

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Vsphere
NVD
CVSS 3.0
5.6
EPSS
0.4%
CVE-2018-1000149 MEDIUM PATCH This Month

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java,. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Ansible
NVD
CVSS 3.0
5.6
EPSS
0.7%
CVE-2018-1315 LOW PATCH Monitor

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache RCE Hive
NVD
CVSS 3.0
3.7
EPSS
1.8%
CVE-2018-1284 LOW PATCH Monitor

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Hive
NVD
CVSS 3.0
3.7
EPSS
2.3%
CVE-2018-1000150 LOW PATCH Monitor

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Reverse Proxy Auth
NVD
CVSS 3.0
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy