Skip to main content
CVE-2018-10312 HIGH POC This Week

index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-3836 HIGH POC This Week

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Leptonica Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-7932 HIGH This Week

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Appgallery
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-4832 HIGH This Week

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openpcs 7 Simatic Batch Simatic Net Pc Simatic Pcs 7 +5
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-10328 HIGH This Week

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Momentum Axel 720P Firmware
NVD
CVSS 3.0
7.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy