Skip to main content
CVE-2018-12498 CRITICAL POC Act Now

spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12491 CRITICAL POC Act Now

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12481 CRITICAL Act Now

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure The Olive Tree Ftp Server
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-12422 CRITICAL PATCH Act Now

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Evolution
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-1085 CRITICAL Act Now

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-12356 CRITICAL PATCH Act Now

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack RCE Simple Password Store
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy