Skip to main content
CVE-2018-16763 CRITICAL POC PATCH THREAT Act Now

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Fuel Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
82.9%
CVE-2018-16750 MEDIUM POC This Month

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-16749 MEDIUM POC PATCH This Month

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2018-16761 MEDIUM POC This Month

Eventum before 3.4.0 has an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Eventum
NVD GitHub
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-16759 MEDIUM POC This Month

The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16762 CRITICAL PATCH Act Now

FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Fuel Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-16736 MEDIUM POC This Month

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rcfilters
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy