Skip to main content
CVE-2018-12065 CRITICAL POC Act Now

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Witycms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-10088 CRITICAL POC THREAT Act Now

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Uc Httpd
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
40.4%
CVE-2018-12055 CRITICAL POC Act Now

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Schools Alert Management Script
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-12052 CRITICAL POC Act Now

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Schools Alert Management Script
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-12051 CRITICAL POC Act Now

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Schools Alert Management Script
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-12049 CRITICAL POC Act Now

A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lbp6030W Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-12048 CRITICAL POC Act Now

A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lbp7110Cw Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-12045 CRITICAL POC Act Now

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-4229 CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.0
10.0
EPSS
2.1%
CVE-2018-0225 CRITICAL Act Now

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Appdynamics App Iq
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-12064 CRITICAL Act Now

tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Tinyexr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-9246 CRITICAL Act Now

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pgobject Util Dbadmin Ledgersmb
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-11229 CRITICAL Act Now

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Crestron Toolbox Protocol Firmware
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2018-11228 CRITICAL Act Now

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Crestron Toolbox Protocol Firmware
NVD
CVSS 3.0
9.8
EPSS
7.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy