Skip to main content
CVE-2018-12689 CRITICAL POC Act Now

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Phpldapadmin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-12634 CRITICAL POC THREAT Act Now

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
56.8%
CVE-2018-12649 CRITICAL PATCH Act Now

An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12688 CRITICAL Act Now

tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tinyexr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-12678 CRITICAL PATCH Act Now

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Portainer
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy