Skip to main content
CVE-2018-7072 CRITICAL POC Act Now

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moonshot Provisioning Manager
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-14968 CRITICAL POC Act Now

An issue was discovered in EMLsoft 5.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Emlsoft
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-14961 CRITICAL POC Act Now

dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14978 HIGH POC This Week

An issue was discovered in QCMS 3.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Qcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14967 HIGH POC This Week

An issue was discovered in EMLsoft 5.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Emlsoft
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-14966 HIGH POC This Week

An issue was discovered in EMLsoft 5.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Emlsoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14965 HIGH POC This Week

An issue was discovered in EMLsoft 5.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Emlsoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14963 HIGH POC This Week

zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zzcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-14960 HIGH POC This Week

Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xiao5Ucompany
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14716 HIGH POC PATCH THREAT This Week

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Seomatic
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
33.0%
CVE-2018-14977 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7074 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
16.7%
CVE-2018-7058 CRITICAL Act Now

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Aruba Clearpass Policy Manager
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-7073 MEDIUM POC This Month

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moonshot Provisioning Manager Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-14869 MEDIUM POC This Month

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Template Store Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-14964 MEDIUM POC This Month

An issue was discovered in EMLsoft 5.4.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emlsoft
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-14962 MEDIUM POC This Month

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zzcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14857 HIGH This Week

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Ocs Inventory Server
NVD GitHub
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-7060 HIGH This Week

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Clearpass
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-7059 HIGH This Week

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-14976 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14975 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14974 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14973 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14972 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14971 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14970 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-14969 MEDIUM POC This Month

An issue was discovered in QCMS 3.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-7092 HIGH This Week

A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Intelligent Management Center
NVD
CVSS 3.0
7.5
EPSS
52.7%
CVE-2018-7069 HIGH This Week

HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Centralview Fraud Risk Management
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5390 HIGH PATCH This Week

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Virtualization Enterprise Linux Desktop Enterprise Linux Server +35
NVD
CVSS 3.1
7.5
EPSS
73.5%
CVE-2018-13877 HIGH This Week

The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Megacryptopolis
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1551 HIGH This Week

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-7078 HIGH This Week

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 4 Firmware Integrated Lights Out 5 Firmware
NVD
CVSS 3.0
7.2
EPSS
6.8%
CVE-2018-7091 MEDIUM This Month

HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Xp 9000 Command View
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7090 MEDIUM This Month

HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xp 9000 Command View
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7075 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intelligent Management Center
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-7068 MEDIUM This Month

HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Centralview Fraud Risk Management
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-1422 MEDIUM PATCH This Month

IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-7070 MEDIUM This Month

HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Centralview Fraud Risk Management
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-7071 MEDIUM This Month

HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Function Virtualization Director
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-1528 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +5
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy