Skip to main content
CVE-2018-16287 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
19.6%
CVE-2018-16286 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2018-17057 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in TCPDF before 6.2.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Tcpdf Limesurvey
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
26.2%
CVE-2018-17036 CRITICAL POC Act Now

An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2018-17035 CRITICAL POC Act Now

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-17045 HIGH POC This Week

An issue was discovered in CMS MaeloStore V.1.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cms Maelostore
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17037 HIGH POC This Week

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-16288 HIGH POC THREAT This Week

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
35.8%
CVE-2018-10814 HIGH POC This Week

Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Synaman
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-17043 HIGH POC This Week

An issue has been found in doc2txt through 2014-03-19. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Doc2Txt
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-16706 HIGH POC THREAT This Week

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD
CVSS 3.0
7.5
EPSS
22.3%
CVE-2018-17030 HIGH POC This Week

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Bigtree Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-17051 MEDIUM POC This Month

K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cisco Cisco Configuration Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-17049 MEDIUM POC This Month

CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cqu Lankers
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-17046 MEDIUM POC This Month

translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Translate Man
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17039 MEDIUM POC This Month

MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17034 MEDIUM POC This Month

UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17031 MEDIUM POC PATCH This Month

In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gogs
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-11058 CRITICAL PATCH Act Now

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Bsafe Bsafe Crypto C Application Testing Suite +10
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-0718 CRITICAL Act Now

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Music Station
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-17042 MEDIUM POC This Month

An issue has been found in dbf2txt through 2012-07-19. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbf2Txt
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-16242 MEDIUM POC This Month

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Smart Locker Firmware Obike Stationless Bike Sharing
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2018-10763 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Synaman
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.7%
CVE-2018-17044 MEDIUM POC This Month

In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-12585 HIGH This Week

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service XXE Ua Net Legacy Ua Java
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-12086 HIGH PATCH This Week

Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Unified Architecture Net Legacy Unified Architecture Java Unified Architecture Net Standard +2
NVD
CVSS 3.0
7.5
EPSS
11.6%
CVE-2018-14638 HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-11087 MEDIUM PATCH This Month

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Advanced Message Queuing Protocol Rabbitmq Java Client
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2018-1719 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
2.4%
CVE-2018-1791 MEDIUM This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy