Skip to main content
CVE-2018-15168 CRITICAL POC Act Now

A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-15137 CRITICAL POC THREAT Act Now

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Clr M20 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
18.2%
CVE-2018-15209 HIGH POC This Week

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Debian Linux
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-15198 HIGH POC This Week

An issue was discovered in OneThink v1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15197 HIGH POC This Week

An issue was discovered in OneThink v1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15193 HIGH POC This Week

A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gogs
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-15176 HIGH POC This Week

XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Xnview
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-15175 HIGH POC This Week

XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Xnview
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-15174 HIGH POC This Week

XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Xnview
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-11561 HIGH POC This Week

An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Erc20Token
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-15173 HIGH POC This Week

Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nmap
NVD
CVSS 3.0
7.5
EPSS
6.1%
CVE-2018-15203 MEDIUM POC This Month

An issue was discovered in Ignited CMS through 2017-02-19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ignitedcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2018-15202 MEDIUM POC This Month

An issue was discovered in Juunan06 eCommerce through 2018-08-05. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ecommerce
NVD GitHub
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-15178 MEDIUM POC PATCH This Month

Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Gogs
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15169 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Applications Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-15199 MEDIUM POC This Month

AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Auracms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-15177 HIGH This Week

In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Gxlcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15192 HIGH PATCH This Week

An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gitea Gogs
NVD GitHub
CVSS 3.0
8.6
EPSS
2.1%
CVE-2018-12408 HIGH This Week

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Activematrix Businessworks Activematrix Businessworks Distribution For Tibco Silver Fabric
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-11769 HIGH This Week

CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Couchdb
NVD
CVSS 3.0
7.2
EPSS
8.2%
CVE-2018-14526 MEDIUM PATCH This Month

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Ubuntu Linux Debian Linux Wpa Supplicant
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-3778 MEDIUM PATCH This Month

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Aedes
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy