Skip to main content
CVE-2018-9206 CRITICAL POC PATCH THREAT Act Now

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Jquery File Upload
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2018-18258 CRITICAL POC Act Now

An issue was discovered in BageCMS 3.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Bagecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18242 CRITICAL POC Act Now

youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Youke 365
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-18240 CRITICAL POC PATCH Act Now

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-18215 HIGH POC This Week

In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Youke 365
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18257 HIGH POC This Week

An issue was discovered in BageCMS 3.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Bagecms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-17929 HIGH This Week

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Tpeditor
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-17927 HIGH This Week

In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Tpeditor
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-12441 HIGH This Week

The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Corsair Utility Engine
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-12449 HIGH This Week

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-15766 HIGH This Week

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Brute Force Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-1745 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-1738 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2018-1708 MEDIUM PATCH This Month

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Platform Symphony Specturm Symphony
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1706 MEDIUM PATCH This Month

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Symphony
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1724 MEDIUM PATCH This Month

IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Spectrum Lsf
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy