Skip to main content
CVE-2018-1000226 CRITICAL POC PATCH THREAT Act Now

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cobbler
NVD GitHub
CVSS 3.0
9.8
EPSS
12.5%
CVE-2018-1000217 CRITICAL POC Act Now

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Cjson
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-1000653 CRITICAL POC Act Now

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nginx Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1000639 CRITICAL POC Act Now

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Latexdraw
NVD GitHub
CVSS 3.1
9.6
EPSS
1.6%
CVE-2018-1000652 CRITICAL Act Now

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE SSRF Jabref
NVD GitHub
CVSS 3.0
10.0
EPSS
1.9%
CVE-2018-1000651 CRITICAL PATCH Act Now

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF Stroom
NVD GitHub
CVSS 3.0
10.0
EPSS
1.9%
CVE-2018-1000644 CRITICAL PATCH Act Now

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF Rdf4J
NVD GitHub
CVSS 3.0
10.0
EPSS
2.0%
CVE-2018-14078 CRITICAL Act Now

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Hp Wmt
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-1000221 CRITICAL Act Now

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pkgconf
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000641 CRITICAL PATCH Act Now

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Yeswiki
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy