Skip to main content
CVE-2018-9866 CRITICAL POC Act Now

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall RCE Command Injection Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2018-14728 CRITICAL POC THREAT Act Now

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Responsive Filemanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
76.5%
CVE-2018-13416 CRITICAL POC THREAT Act Now

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Universal Media Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.2%
CVE-2018-14910 HIGH POC This Week

SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection CSRF RCE PHP Seacms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7748 HIGH POC This Week

{xyz}' Glide Scripting Injection in the sysparm_media parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Servicenow
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-14908 HIGH POC This Week

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Samsung Syncthru Web Service
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14912 HIGH POC THREAT This Week

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cgit Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
93.2%
CVE-2018-14884 HIGH POC This Week

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service PHP Storage Automation Store
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-14883 HIGH POC This Week

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow PHP Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
7.5
EPSS
9.0%
CVE-2018-14872 HIGH POC This Week

An issue was discovered in Rincewind 0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rincewind
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-14911 HIGH POC This Week

A file upload vulnerability exists in ukcms v1.1.7 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ukcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-14906 MEDIUM POC This Month

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 3Cx Web Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14905 MEDIUM POC This Month

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 3Cx Web Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14904 MEDIUM POC This Month

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14504 MEDIUM POC PATCH This Month

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-14574 MEDIUM POC PATCH THREAT This Month

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Open Redirect Django Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.1
EPSS
25.5%
CVE-2018-14925 CRITICAL Act Now

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Banco
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-3777 CRITICAL PATCH Act Now

Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Restforce
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-14876 MEDIUM POC This Month

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flif
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-12607 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-12606 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-12605 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14877 MEDIUM POC This Month

An issue was discovered in WeaselCMS v0.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Weaselcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-14873 MEDIUM POC This Month

An issue was discovered in Rincewind 0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rincewind
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-14907 MEDIUM POC This Month

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 3Cx Web Server
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-14926 HIGH This Week

Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Banco
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-5490 HIGH This Week

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1524 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +5
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-14923 HIGH This Week

A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ezplayer
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-14928 HIGH This Week

/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Banco
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-14715 HIGH This Week

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cryptogs
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14576 HIGH This Week

The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Suncontract
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-14774 HIGH PATCH This Week

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Symfony
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-12989 MEDIUM This Month

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Console 8 Iqsystem 7
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-14773 MEDIUM PATCH This Month

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Symfony Debian Linux Drupal
NVD GitHub
CVSS 3.1
6.5
EPSS
58.1%
CVE-2018-5489 MEDIUM This Month

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass 7 Mode Transition Tool
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-14929 MEDIUM This Month

Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Banco
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14924 MEDIUM This Month

Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Banco
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13055 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS RCE PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-6590 MEDIUM This Month

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ca Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-14927 MEDIUM This Month

Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Banco
NVD
CVSS 3.0
5.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy