Skip to main content
CVE-2018-16287 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
19.6%
CVE-2018-16286 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2018-17057 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in TCPDF before 6.2.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Tcpdf Limesurvey
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
26.2%
CVE-2018-17036 CRITICAL POC Act Now

An issue was discovered in UCMS 1.4.6 and 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2018-17035 CRITICAL POC Act Now

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-11058 CRITICAL PATCH Act Now

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Bsafe Bsafe Crypto C Application Testing Suite +10
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-0718 CRITICAL Act Now

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Music Station
NVD
CVSS 3.0
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy