Skip to main content
CVE-2018-15132 HIGH POC PATCH This Week

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure PHP Storage Automation Store
NVD GitHub
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-12885 MEDIUM POC This Month

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mycryptochamp
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-15130 MEDIUM POC This Month

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-15129 MEDIUM POC This Month

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11455 HIGH This Week

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Automation License Manager
NVD
CVSS 3.0
8.8
EPSS
5.3%
CVE-2018-11454 HIGH This Week

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Simatic Step 7 Tia Portal Simatic Wincc Tia Portal
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2018-11453 HIGH This Week

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Simatic Step 7 Tia Portal Simatic Wincc Tia Portal
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5383 MEDIUM This Month

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Google Microsoft Information Disclosure Apple Wl18Xx Bluetooth Service Pack +3
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2018-11456 MEDIUM This Month

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Automation License Manager
NVD
CVSS 3.0
5.8
EPSS
1.3%
CVE-2018-5995 MEDIUM This Month

The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-5953 MEDIUM PATCH This Month

The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-1690 MEDIUM PATCH This Month

IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Model Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy