Skip to main content
CVE-2018-9276 HIGH POC KEV THREAT Act Now

An issue was discovered in PRTG Network Monitor before 18.2.39. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Prtg Network Monitor
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
87.2%
CVE-2018-12426 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Live Chat
NVD GitHub
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-13050 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
38.2%
CVE-2018-13067 HIGH POC This Week

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Opencart
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-12529 HIGH POC This Week

An issue was discovered on Intex N150 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF N150 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12528 HIGH POC This Week

An issue was discovered on Intex N150 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload N150 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-13056 HIGH POC This Week

An issue was discovered on zzcms 8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Zzcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-12892 CRITICAL Act Now

An issue was discovered in Xen 4.7 through 4.10.x. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Xen
NVD
CVSS 3.0
9.9
EPSS
2.6%
CVE-2018-12575 CRITICAL Act Now

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-12896 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-1244 HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac7 Firmware Idrac8 Firmware Idrac9 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-1212 HIGH This Week

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac6 Modular Idrac6 Monolithic
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-10843 HIGH This Week

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openshift Container Platform
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-12577 HIGH This Week

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Wr841n Firmware
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-12574 HIGH This Week

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-13049 HIGH This Week

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-13054 HIGH PATCH This Week

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Cinnamon
NVD GitHub
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-8039 HIGH PATCH This Week

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Cxf Jboss Enterprise Application Platform
NVD GitHub
CVSS 3.0
8.1
EPSS
10.3%
CVE-2018-10874 HIGH PATCH This Week

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Openstack Virtualization Virtualization Host
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-13066 HIGH This Week

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1243 HIGH This Week

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-12499 HIGH This Week

The Motorola MBP853 firmware does not correctly validate server certificates. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mbp853 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2018-12893 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.10.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-12891 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.10.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Debian Linux Xen
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-10076 MEDIUM This Month

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10075 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-0499 MEDIUM PATCH This Month

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xapian Core Ubuntu Linux
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1249 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-12576 MEDIUM This Month

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-13053 LOW PATCH Monitor

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Integer Overflow Linux Buffer Overflow Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.0
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy