Skip to main content
CVE-2018-17137 CRITICAL POC Act Now

Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Next
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-17136 CRITICAL POC Act Now

zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-17126 CRITICAL POC Act Now

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cscms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17110 CRITICAL POC Act Now

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Pos
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14630 HIGH POC PATCH This Week

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Moodle
NVD
CVSS 3.0
8.8
EPSS
4.4%
CVE-2018-17139 HIGH POC This Week

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ultimatepos
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-17143 HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17142 HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17127 HIGH POC This Week

blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gt Ac5300 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17125 HIGH POC This Week

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Cscms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-17134 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17133 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17132 HIGH POC This Week

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17131 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17113 MEDIUM POC This Month

App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-11780 CRITICAL Act Now

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Apache Spamassassin Pdfinfo +2
NVD
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-17140 MEDIUM POC This Month

The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Quizlord
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17138 MEDIUM POC This Month

The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jibu Pro
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17130 MEDIUM POC This Month

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-17128 MEDIUM POC THREAT This Month

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mybb
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
74.8%
CVE-2018-17129 MEDIUM POC This Month

MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.0
4.9
EPSS
0.9%
CVE-2018-1223 HIGH This Week

Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundry Container Runtime
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-1198 HIGH This Week

Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Cloud Cache
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11088 HIGH This Week

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Application Service
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11086 HIGH This Week

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Application Service
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11781 HIGH This Week

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Apache Spamassassin Ubuntu Linux +5
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-14320 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Podofo
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-14631 MEDIUM PATCH This Month

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-8041 MEDIUM PATCH This Month

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Camel
NVD
CVSS 3.0
5.3
EPSS
9.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy