Skip to main content
CVE-2018-16402 CRITICAL POC Act Now

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elfutils Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-16385 CRITICAL POC PATCH Act Now

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Thinkphp
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-16370 CRITICAL POC Act Now

In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pescms Team
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy