Skip to main content
CVE-2018-17137 CRITICAL POC Act Now

Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Next
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-17136 CRITICAL POC Act Now

zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-17126 CRITICAL POC Act Now

CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Cscms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17110 CRITICAL POC Act Now

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Pos
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11780 CRITICAL Act Now

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Apache Spamassassin Pdfinfo +2
NVD
CVSS 3.0
9.8
EPSS
10.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy