Skip to main content
CVE-2018-16239 CRITICAL POC Act Now

An issue was discovered in damiCMS V6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-16159 CRITICAL POC THREAT Act Now

The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Gift Vouchers
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
49.9%
CVE-2018-15691 CRITICAL POC PATCH THREAT Act Now

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Release Automation
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
16.8%
CVE-2018-16158 CRITICAL POC THREAT Act Now

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Power Xpert Meter 4000 Firmware Power Xpert Meter 6000 Firmware Power Xpert Meter 8000 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
34.9%
CVE-2018-6499 CRITICAL Act Now

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Data Center Automation Hybrid Cloud Management Network Operations Management +5
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-6498 CRITICAL Act Now

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Data Center Automation Hybrid Cloud Management Network Operations Management +2
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-15477 CRITICAL Act Now

myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wifi Switch Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-13824 CRITICAL PATCH Act Now

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Project Portfolio Management
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13821 CRITICAL PATCH Act Now

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Unified Infrastructure Management
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-13826 CRITICAL PATCH Act Now

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Project Portfolio Management
NVD
CVSS 3.0
9.1
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy