Skip to main content
CVE-2018-13445 HIGH POC This Week

An issue was discovered in SeaCMS 6.61. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Seacms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-13444 HIGH POC This Week

An issue was discovered in SeaCMS 6.61. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Seacms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-13439 HIGH POC This Week

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wechat Pay
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-13440 MEDIUM POC This Month

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Audiofile Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-13433 MEDIUM POC This Month

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boostnote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-13450 CRITICAL PATCH Act Now

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13449 CRITICAL PATCH Act Now

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13448 CRITICAL PATCH Act Now

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13447 CRITICAL PATCH Act Now

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy