Skip to main content
CVE-2018-10469 CRITICAL POC Act Now

b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Symphony
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10519 HIGH POC This Week

CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cms Made Simple
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-10503 HIGH POC This Week

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-10504 HIGH POC This Week

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Form Maker
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.7%
CVE-2018-7669 HIGH POC THREAT This Week

An issue was discovered in Sitecore Sitecore.NET 8.1 rev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sitecore Net
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.5%
CVE-2018-10517 HIGH POC THREAT This Week

In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cms Made Simple
NVD Exploit-DB GitHub
CVSS 3.0
7.2
EPSS
12.2%
CVE-2018-10515 HIGH POC This Week

In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cms Made Simple
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-10520 MEDIUM POC This Month

In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cms Made Simple
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-10518 MEDIUM POC This Month

In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cms Made Simple
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-10516 MEDIUM POC This Month

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cms Made Simple
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1475 CRITICAL PATCH Act Now

IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10523 MEDIUM POC This Month

CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cms Made Simple
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-10522 MEDIUM POC This Month

In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cms Made Simple
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-1479 HIGH PATCH This Week

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Bigfix Platform
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10521 LOW POC Monitor

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cms Made Simple
NVD GitHub
CVSS 3.0
2.7
EPSS
0.9%
CVE-2018-10471 MEDIUM This Month

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Xen Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-1473 MEDIUM PATCH This Month

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Bigfix Platform
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10472 MEDIUM This Month

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with. Rated medium severity (CVSS 5.6). No vendor patch available.

Information Disclosure Xen Debian Linux
NVD
CVSS 3.0
5.6
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy