Skip to main content
CVE-2018-11096 MEDIUM POC This Month

Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Horse Market Sell Rent Portal
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-11092 MEDIUM POC PATCH This Month

An issue was discovered in the Admin Notes plugin 1.1 for MyBB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Admin Notes
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-11331 CRITICAL PATCH Act Now

An issue was discovered in Pluck before 4.7.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Pluck
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-11320 CRITICAL Act Now

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-7687 HIGH This Week

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Client
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8012 HIGH PATCH This Week

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Apache Zookeeper Debian Linux Goldengate Stream Analytics
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2018-1067 MEDIUM PATCH This Month

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Undertow Jboss Enterprise Application Platform Virtualization Host
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2018-1108 MEDIUM This Month

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2018-8010 MEDIUM PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Apache Solr
NVD
CVSS 3.0
5.5
EPSS
3.9%
CVE-2018-7268 MEDIUM This Month

MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sysinfo
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-8142 MEDIUM PATCH This Month

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-11330 MEDIUM PATCH This Month

An issue was discovered in Pluck before 4.7.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pluck
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy