Skip to main content
CVE-2018-10575 CRITICAL POC Act Now

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.7%
CVE-2018-10574 CRITICAL POC PATCH Act Now

site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE PHP Bigtree Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10573 HIGH POC PATCH This Week

interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-5234 HIGH POC THREAT This Week

The Norton Core router prior to v237 may be susceptible to a command injection exploit. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Norton Core Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
16.7%
CVE-2018-10576 HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-10572 MEDIUM POC PATCH This Month

interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Openemr
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-1183 CRITICAL Act Now

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft XXE Dell Emc Smis +15
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-10554 MEDIUM POC This Month

An issue was discovered in Nagios XI 5.4.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Nagios Xi
NVD
CVSS 3.0
5.4
EPSS
2.7%
CVE-2018-1102 HIGH PATCH This Week

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openshift
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-10570 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-7891 HIGH This Week

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Xprotect Siveillance Vms
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2018-9310 HIGH This Week

An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sysinfo
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-8839 HIGH This Week

Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Pmsoft
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-10550 HIGH This Week

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Octopus Deploy
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1277 MEDIUM This Month

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Docker Garden Runc Cf Deployment
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1389 MEDIUM This Month

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Api Connect
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-10553 MEDIUM This Month

An issue was discovered in Nagios XI 5.4.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Nagios Xi
NVD
CVSS 3.0
6.5
EPSS
39.5%
CVE-2018-10571 MEDIUM PATCH This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Openemr
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-0711 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qnap Qts
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10364 MEDIUM PATCH This Month

BigTree before 4.2.22 has XSS in the Users management page via the name or company field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bigtree Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1430 MEDIUM This Month

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Api Connect
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1000172 MEDIUM This Month

Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextgen Gallery
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-7901 MEDIUM This Month

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Alp Al00B Firmware Bla Al00B Firmware
NVD
CVSS 3.0
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy