Skip to main content
CVE-2018-17852 CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-17831 CRITICAL POC Act Now

In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Redaxo
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-17825 CRITICAL POC Act Now

An issue was discovered in AdPlug 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Adplug Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-17836 HIGH POC This Week

An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Jtbc Php
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-17826 HIGH POC This Week

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hisiphp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-4001 HIGH POC This Week

An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-4000 HIGH POC This Week

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2018-3999 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-3998 HIGH POC This Week

An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2018-3984 HIGH POC This Week

An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2018-3982 HIGH POC This Week

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2018-3981 HIGH POC This Week

An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Canvas Draw
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2018-3978 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-3975 HIGH POC This Week

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-17848 HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2018-17847 HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17838 HIGH POC This Week

An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Jtbc Php
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17837 HIGH POC This Week

An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Jtbc Php
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-17867 HIGH POC This Week

The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection H660Gw Firmware
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2018-17827 HIGH POC This Week

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Hisiphp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-17854 MEDIUM POC This Month

SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Simdcomp
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-17427 MEDIUM POC This Month

SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Simdcomp
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-17832 MEDIUM POC This Month

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-14804 CRITICAL Act Now

Emerson AMS Device Manager v12.0 to v13.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Ams Device Manager
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-14802 CRITICAL Act Now

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Frenic Loader 3 3 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14794 CRITICAL Act Now

Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Alpha5 Smart Loader Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-14790 CRITICAL Act Now

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Frenic Loader 3 3 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-17828 MEDIUM POC This Month

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zziplib
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-17830 MEDIUM POC This Month

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Redaxo
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17869 HIGH This Week

DASAN H660GW devices do not implement any CSRF protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF H660Gw Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17868 MEDIUM POC This Month

DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS H660Gw Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-15702 HIGH This Week

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF TP-Link Tl Wrn841N Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10605 HIGH This Week

Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Telem Gw6 Firmware Telem Gwm Firmware
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-17835 MEDIUM POC This Month

An issue was discovered in GetSimple CMS 3.3.15. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-17846 HIGH PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-17217 HIGH This Week

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thingworx Platform
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-15701 MEDIUM This Month

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Tl Wrn841N Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-15700 MEDIUM This Month

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Tl Wrn841N Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-14808 MEDIUM This Month

Emerson AMS Device Manager v12.0 to v13.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ams Device Manager
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1420 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-17216 MEDIUM This Month

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thingworx Platform
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1672 MEDIUM PATCH This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Portal
NVD
CVSS 3.0
6.3
EPSS
1.2%
CVE-2018-17874 MEDIUM This Month

ExpressionEngine before 4.3.5 has reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Expressionengine
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-17870 MEDIUM PATCH This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

PHP Open Redirect Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-17218 MEDIUM This Month

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thingworx Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-14798 MEDIUM This Month

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Frenic Loader 3 3 Firmware
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-14788 MEDIUM This Month

Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Alpha5 Smart Loader Firmware
NVD
CVSS 3.0
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy