Skip to main content
CVE-2018-17532 CRITICAL POC THREAT Act Now

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rut900 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
71.3%
CVE-2018-15540 CRITICAL POC Act Now

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cockpit
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18322 CRITICAL POC THREAT Act Now

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Webpanel
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
15.1%
CVE-2018-18320 CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +11
NVD GitHub
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-18319 CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Rt Ac5300 Firmware Rt Ac1900P Firmware +12
NVD GitHub
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-18317 HIGH POC This Week

DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18316 HIGH POC This Week

emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Emlog
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17961 HIGH POC PATCH This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
10.0%
CVE-2018-17980 HIGH POC This Week

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nomachine
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.6%
CVE-2018-15592 HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15591 HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ivanti RCE Information Disclosure Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-18323 HIGH POC THREAT This Week

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Webpanel
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
70.7%
CVE-2018-18318 HIGH POC This Week

The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service 360 Mobile Phone N6 Pro Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-17534 MEDIUM POC This Month

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rut900 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-18259 MEDIUM POC This Month

Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Luya Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17533 MEDIUM POC This Month

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rut900 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-18324 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.2%
CVE-2018-18296 MEDIUM POC This Month

MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18310 MEDIUM POC PATCH This Month

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils Debian Linux Enterprise Linux Desktop +4
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2018-18309 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-15539 HIGH This Week

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cockpit
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15593 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-18315 HIGH This Week

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Lemon
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1747 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Key Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1744 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-18073 MEDIUM PATCH This Month

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
6.3
EPSS
2.7%
CVE-2018-18260 MEDIUM This Month

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Camaleon Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-15538 MEDIUM This Month

Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cockpit
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-18361 MEDIUM This Month

An issue was discovered in nc-cms through 2017-03-10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nc Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12154 MEDIUM This Month

Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Graphics Driver
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15378 MEDIUM PATCH This Month

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Clamav Debian Linux +1
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-15590 MEDIUM This Month

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.0
5.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy