Skip to main content
CVE-2018-15142 HIGH POC PATCH THREAT This Week

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.2%
CVE-2018-15139 HIGH POC PATCH THREAT This Week

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
19.3%
CVE-2018-5925 HIGH POC THREAT This Week

A security vulnerability has been identified with certain HP Inkjet printers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP RCE Buffer Overflow T8X44 Firmware 3Aw51A Firmware +268
NVD
CVSS 3.0
7.8
EPSS
10.9%
CVE-2018-10636 HIGH This Week

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Cncsoft Screeneditor
NVD
CVSS 3.1
8.8
EPSS
9.5%
CVE-2018-15144 HIGH PATCH This Week

SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-10598 HIGH This Week

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Cncsoft Screeneditor
NVD
CVSS 3.0
8.1
EPSS
3.5%
CVE-2018-14878 HIGH PATCH This Week

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Dotpeek Resharper Ultimate
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-15125 HIGH This Week

Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zipabox Firmware
NVD
CVSS 3.0
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy