Skip to main content
CVE-2018-9206 CRITICAL POC PATCH THREAT Act Now

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Jquery File Upload
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2018-18258 CRITICAL POC Act Now

An issue was discovered in BageCMS 3.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Bagecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18242 CRITICAL POC Act Now

youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Youke 365
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-18240 CRITICAL POC PATCH Act Now

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy