Skip to main content
CVE-2018-14978 HIGH POC This Week

An issue was discovered in QCMS 3.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Qcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14967 HIGH POC This Week

An issue was discovered in EMLsoft 5.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Emlsoft
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-14966 HIGH POC This Week

An issue was discovered in EMLsoft 5.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Emlsoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14965 HIGH POC This Week

An issue was discovered in EMLsoft 5.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Emlsoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14963 HIGH POC This Week

zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zzcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-14960 HIGH POC This Week

Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xiao5Ucompany
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14716 HIGH POC PATCH THREAT This Week

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Seomatic
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
33.0%
CVE-2018-14857 HIGH This Week

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Ocs Inventory Server
NVD GitHub
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-7060 HIGH This Week

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Clearpass
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-7059 HIGH This Week

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-7092 HIGH This Week

A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Intelligent Management Center
NVD
CVSS 3.0
7.5
EPSS
52.7%
CVE-2018-7069 HIGH This Week

HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Centralview Fraud Risk Management
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5390 HIGH PATCH This Week

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Virtualization Enterprise Linux Desktop Enterprise Linux Server +35
NVD
CVSS 3.1
7.5
EPSS
73.5%
CVE-2018-13877 HIGH This Week

The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Megacryptopolis
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1551 HIGH This Week

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-7078 HIGH This Week

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 4 Firmware Integrated Lights Out 5 Firmware
NVD
CVSS 3.0
7.2
EPSS
6.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy