Skip to main content
CVE-2018-15873 CRITICAL POC Act Now

A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2018-15839 CRITICAL POC THREAT Act Now

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
45.3%
CVE-2018-3895 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-15901 HIGH POC This Week

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP E107
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15884 HIGH POC This Week

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C4504Ex Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-15571 HIGH POC This Week

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Export Users To Csv
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
1.5%
CVE-2018-3916 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-14572 HIGH POC This Week

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Conference Scheduler Cli
NVD GitHub
CVSS 3.0
7.8
EPSS
2.4%
CVE-2018-3908 HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-15897 MEDIUM POC This Month

PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow PHP Website Seller Script
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6643 MEDIUM POC This Month

Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Netmri
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-15740 MEDIUM POC This Month

Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Admanager Plus
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.1%
CVE-2018-15608 MEDIUM POC This Month

Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Admanager Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-15596 MEDIUM POC This Month

An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mybb
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-3926 MEDIUM POC This Month

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-15896 MEDIUM POC This Month

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Website Seller Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-15529 HIGH This Week

A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mutiny
NVD GitHub
CVSS 3.0
8.8
EPSS
4.8%
CVE-2018-15911 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-1705 MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-13395 MEDIUM This Month

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-13391 MEDIUM This Month

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Server
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-15919 MEDIUM PATCH This Month

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure SSH Openssh Cloud Backup +4
NVD
CVSS 3.1
5.3
EPSS
3.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy