Skip to main content
CVE-2018-17575 CRITICAL POC Act Now

SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Swa Jacad
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-17573 CRITICAL POC Act Now

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Wp Insert
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-17397 CRITICAL POC Act Now

SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Alphaindex Dictionaries
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17394 CRITICAL POC Act Now

SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Timetable Schedule
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17391 CRITICAL POC Act Now

SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Super Cms Blog Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17385 CRITICAL POC Act Now

SQL Injection exists in the Social Factory 3.8.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Social Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17384 CRITICAL POC Act Now

SQL Injection exists in the Swap Factory 2.2.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Swap Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17383 CRITICAL POC Act Now

SQL Injection exists in the Collection Factory 4.1.9 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Collection Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17382 CRITICAL POC Act Now

SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jobs Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17380 CRITICAL POC Act Now

SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Article Factory Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17379 CRITICAL POC Act Now

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Raffle Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17378 CRITICAL POC Act Now

SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Penny Auction Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17377 CRITICAL POC Act Now

SQL Injection exists in the Questions 1.4.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Questions
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17376 CRITICAL POC Act Now

SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reverse Auction Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17375 CRITICAL POC Act Now

SQL Injection exists in the Music Collection 3.0.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Music Collection
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-16659 CRITICAL POC Act Now

An issue was discovered in Rausoft ID.prove 2.95. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft Id Prove
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-14957 CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Isweb
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14956 CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Isweb
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-17776 HIGH POC This Week

PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.4%
CVE-2018-17055 HIGH POC This Week

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sitefinity
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-17582 HIGH POC This Week

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.1
EPSS
1.2%
CVE-2018-17580 HIGH POC This Week

A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.1
EPSS
1.2%
CVE-2018-17581 MEDIUM POC This Month

CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Debian Linux Ubuntu Linux Enterprise Linux Desktop +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-17571 MEDIUM POC This Month

Vanilla before 2.6.1 allows XSS via the email field of a profile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vanilla
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17056 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sitefinity Cms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-14037 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kendo Ui
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-9079 CRITICAL Act Now

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-15764 CRITICAL Act Now

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell RCE Esrs Policy Manager
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2018-5393 CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization TP-Link Eap Controller
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2018-17613 CRITICAL Act Now

Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telegram Desktop
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-17611 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17610 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17609 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17608 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17607 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-15365 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XSS CSRF Deep Discovery Inspector
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-17574 MEDIUM POC PATCH This Month

An issue was discovered in YMFE YApi 1.3.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yapi
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16277 MEDIUM POC This Month

The Image Import function in XWiki through 10.7 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9082 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Session Fixation Information Disclosure Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware +18
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9078 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-9077 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9076 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9075 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-1251 HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Unity Firmware Emc Unityvsa
NVD
CVSS 3.0
8.1
EPSS
2.5%
CVE-2018-14648 HIGH This Week

A flaw was found in 389 Directory Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
6.2%
CVE-2018-17605 HIGH PATCH This Week

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Asset Pipeline
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-17567 HIGH PATCH This Week

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jekyll
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1702 HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-9074 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal Lenovoemc Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1250 MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unity Firmware Emc Unityvsa
NVD
CVSS 3.0
6.5
EPSS
1.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy