Skip to main content
CVE-2018-12039 CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-12031 CRITICAL POC THREAT Act Now

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Intelligent Power Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
17.3%
CVE-2018-3739 CRITICAL POC PATCH Act Now

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Https Proxy Agent
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2018-3758 HIGH POC PATCH THREAT This Week

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Express Cart
NVD
CVSS 3.1
8.8
EPSS
27.5%
CVE-2018-3723 HIGH POC PATCH This Week

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Defaults Deep
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-3722 HIGH POC PATCH This Week

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Merge Deep
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-3720 HIGH POC PATCH This Week

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Assign Deep
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-3719 HIGH POC PATCH This Week

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mixin Deep
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2018-10619 HIGH POC This Week

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Rslinx Classic Factorytalk Linx Gateway
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.8%
CVE-2018-12036 HIGH POC PATCH This Week

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dependency Check
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-12042 HIGH POC This Week

Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Roxy Fileman
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-12016 HIGH POC This Week

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epiphany
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-12015 HIGH POC PATCH This Week

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ubuntu Linux Debian Linux Perl Mac Os X +4
NVD
CVSS 3.0
7.5
EPSS
7.3%
CVE-2018-0296 HIGH POC KEV THREAT This Week

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
99.9%
CVE-2018-3737 HIGH POC PATCH This Week

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sshpk
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-3732 HIGH POC PATCH This Week

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Resolve Path
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-3731 HIGH POC PATCH This Week

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Public Js
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3730 HIGH POC This Week

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mcstatic
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3729 HIGH POC PATCH This Week

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Localhost Now
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3727 HIGH POC This Week

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal 626
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3725 HIGH POC PATCH This Week

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hekto
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-3724 HIGH POC This Week

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal General File Server
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-3711 HIGH POC PATCH This Week

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastify
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-3721 MEDIUM POC PATCH This Month

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Lodash Active Iq Unified Manager System Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-3715 MEDIUM POC PATCH This Month

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Glance
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2018-3714 MEDIUM POC PATCH This Month

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Node Srv
NVD
CVSS 3.1
6.5
EPSS
8.6%
CVE-2018-3713 MEDIUM POC PATCH This Month

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Angular Http Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-3712 MEDIUM POC PATCH This Month

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Serve
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-3735 MEDIUM POC This Month

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bracket Template
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-3726 MEDIUM POC PATCH This Month

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Crud File Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-0321 CRITICAL Act Now

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Cisco Prime Collaboration Prime Collaboration Assurance +1
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-0320 CRITICAL Act Now

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-0319 CRITICAL Act Now

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-0318 CRITICAL Act Now

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-0315 CRITICAL Act Now

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2018-3738 MEDIUM POC PATCH This Month

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Protobufjs
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-3717 MEDIUM POC PATCH This Month

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Connect
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2018-3716 MEDIUM POC PATCH This Month

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simplehttpserver
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-3718 MEDIUM POC PATCH This Month

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serve
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2018-0336 HIGH This Week

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Prime Collaboration
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1514 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0322 HIGH This Week

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0317 HIGH This Week

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0274 HIGH This Week

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cisco Network Services Orchestrator
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2018-0338 HIGH This Week

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-0335 HIGH This Week

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Prime Collaboration
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1547 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Microsoft IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.7
EPSS
2.2%
CVE-2018-0332 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Ip Phone Firmware Ip Phone Firmware
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-0353 HIGH This Week

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Web Security Appliance
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-0316 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Phone Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy