Skip to main content
CVE-2018-16239 CRITICAL POC Act Now

An issue was discovered in damiCMS V6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-16159 CRITICAL POC THREAT Act Now

The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Gift Vouchers
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
49.9%
CVE-2018-15691 CRITICAL POC PATCH THREAT Act Now

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Release Automation
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
16.8%
CVE-2018-16158 CRITICAL POC THREAT Act Now

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Power Xpert Meter 4000 Firmware Power Xpert Meter 6000 Firmware Power Xpert Meter 8000 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
34.9%
CVE-2018-15745 HIGH POC THREAT This Week

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dvr
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
97.7%
CVE-2018-14903 HIGH POC This Week

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wf 2750 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-14902 HIGH POC This Week

The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Iprint
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-14901 HIGH POC This Week

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Iprint
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-14900 HIGH POC This Week

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wf 2750 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-16238 HIGH POC This Week

An issue was discovered in damiCMS V6.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Damicms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-16141 MEDIUM POC This Month

ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP Thinkcmfx
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-16236 MEDIUM POC This Month

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16234 MEDIUM POC This Month

MorningStar WhatWeb 0.4.9 has XSS via JSON report files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Whatweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16233 MEDIUM POC This Month

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-14899 MEDIUM POC This Month

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wf 2750 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16142 MEDIUM POC This Month

PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-6499 CRITICAL Act Now

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Data Center Automation Hybrid Cloud Management Network Operations Management +5
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-6498 CRITICAL Act Now

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Data Center Automation Hybrid Cloud Management Network Operations Management +2
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-15477 CRITICAL Act Now

myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wifi Switch Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-13824 CRITICAL PATCH Act Now

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Project Portfolio Management
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13821 CRITICAL PATCH Act Now

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Unified Infrastructure Management
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-16157 MEDIUM POC This Month

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
0.7%
CVE-2018-13826 CRITICAL PATCH Act Now

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Project Portfolio Management
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2018-15480 HIGH This Week

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11718 HIGH This Week

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pc2R Firmware Pc3 Firmware Pc2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14317 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-11616 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Foxmail
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2018-15478 HIGH This Week

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-15476 HIGH This Week

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-10936 HIGH PATCH This Week

A weakness was found in postgresql-jdbc before version 42.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PostgreSQL Postgresql Jdbc Driver Enterprise Linux
NVD
CVSS 3.0
8.1
EPSS
2.9%
CVE-2018-15363 HIGH This Week

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Information Disclosure Buffer Overflow Antivirus Security +3
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-10514 HIGH This Week

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security Internet Security Maximum Security +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10513 HIGH This Week

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deserialization Antivirus Security Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-14619 HIGH PATCH This Week

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-16140 HIGH This Week

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ubuntu Linux Fig2Dev
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-16231 HIGH This Week

Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pftp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-11720 HIGH This Week

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pc2R Firmware Pc3 Firmware Pc2 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-13823 HIGH PATCH This Week

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Project Portfolio Management
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-13822 HIGH PATCH This Week

Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Project Portfolio Management
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-13820 HIGH This Week

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Infrastructure Management
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13819 HIGH This Week

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Infrastructure Management
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-16131 HIGH PATCH This Week

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Akka Http
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-14622 HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-14621 HIGH PATCH This Week

An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libtirpc
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-11615 HIGH PATCH This Week

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Mosca
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-16058 HIGH This Week

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-16057 HIGH This Week

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2018-16056 HIGH This Week

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2018-16237 LOW POC Monitor

An issue was discovered in damiCMS V6.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP Damicms
NVD GitHub
CVSS 3.0
2.7
EPSS
1.2%
CVE-2018-15479 MEDIUM This Month

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
6.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy