Skip to main content
CVE-2018-12689 CRITICAL POC Act Now

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Phpldapadmin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-12634 CRITICAL POC THREAT Act Now

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
56.8%
CVE-2018-12659 HIGH POC This Week

SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Slims Akasia
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-12648 HIGH POC This Week

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Exempi
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-12636 HIGH POC THREAT This Week

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Security
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
30.1%
CVE-2018-12658 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Slims
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-12657 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Slims Akasia
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12656 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Slims Akasia
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12655 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Slims Akasia
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12654 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Slims Akasia
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12649 CRITICAL PATCH Act Now

An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12688 CRITICAL Act Now

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tinyexr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-12678 CRITICAL PATCH Act Now

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Portainer
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-12641 MEDIUM POC This Month

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
2.1%
CVE-2018-12538 HIGH PATCH This Week

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jetty E Series Santricity Management Plug Ins E Series Santricity Os Controller E Series Santricity Web Services Proxy +8
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-1000201 HIGH PATCH This Week

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Ruby Ffi
NVD GitHub
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-12687 HIGH This Week

tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tinyexr
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-12642 HIGH PATCH This Week

Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Froxlor
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-12635 HIGH This Week

CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SCADA
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-12684 HIGH PATCH This Week

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Civetweb
NVD GitHub
CVSS 3.0
7.1
EPSS
1.1%
CVE-2018-7682 MEDIUM This Month

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solutions Business Manager
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-12633 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 4.17.2. Rated medium severity (CVSS 6.3).

Race Condition Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.3
EPSS
0.3%
CVE-2018-1655 MEDIUM This Month

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
5.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy