Skip to main content
CVE-2018-17045 HIGH POC This Week

An issue was discovered in CMS MaeloStore V.1.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cms Maelostore
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17037 HIGH POC This Week

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-16288 HIGH POC THREAT This Week

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
35.8%
CVE-2018-10814 HIGH POC This Week

Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Synaman
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-17043 HIGH POC This Week

An issue has been found in doc2txt through 2014-03-19. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Doc2Txt
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-16706 HIGH POC THREAT This Week

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD
CVSS 3.0
7.5
EPSS
22.3%
CVE-2018-17030 HIGH POC This Week

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Bigtree Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-12585 HIGH This Week

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service XXE Ua Net Legacy Ua Java
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-12086 HIGH PATCH This Week

Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Unified Architecture Net Legacy Unified Architecture Java Unified Architecture Net Standard +2
NVD
CVSS 3.0
7.5
EPSS
11.6%
CVE-2018-14638 HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.5
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy