Skip to main content
CVE-2018-10123 HIGH POC THREAT This Week

p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iopsys Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.9%
CVE-2018-11206 HIGH POC This Week

An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.1
EPSS
2.9%
CVE-2018-11205 HIGH POC This Week

A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
8.1
EPSS
2.4%
CVE-2018-11209 HIGH POC This Week

An issue was discovered in Z-BlogPHP 2.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Z Blogphp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-10738 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10737 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10736 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10735 HIGH POC THREAT This Week

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nagios Xi
NVD
CVSS 3.0
7.2
EPSS
42.6%
CVE-2018-10760 HIGH This Week

Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Projectpier
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-4850 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 400 Firmware Simatic S7 400H Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-5231 HIGH This Week

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Server
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-10240 HIGH This Week

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.0
7.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy