Skip to main content
CVE-2018-14910 HIGH POC This Week

SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection CSRF RCE PHP Seacms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7748 HIGH POC This Week

{xyz}' Glide Scripting Injection in the sysparm_media parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Servicenow
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-14908 HIGH POC This Week

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Samsung Syncthru Web Service
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14912 HIGH POC THREAT This Week

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cgit Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
93.2%
CVE-2018-14884 HIGH POC This Week

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service PHP Storage Automation Store
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-14883 HIGH POC This Week

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow PHP Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
7.5
EPSS
9.0%
CVE-2018-14872 HIGH POC This Week

An issue was discovered in Rincewind 0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rincewind
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-14911 HIGH POC This Week

A file upload vulnerability exists in ukcms v1.1.7 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ukcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-14926 HIGH This Week

Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Banco
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-5490 HIGH This Week

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1524 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +5
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-14923 HIGH This Week

A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ezplayer
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-14928 HIGH This Week

/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Banco
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-14715 HIGH This Week

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cryptogs
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14576 HIGH This Week

The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Suncontract
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-14774 HIGH PATCH This Week

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Symfony
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy