Skip to main content
CVE-2018-18317 HIGH POC This Week

DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dscms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18316 HIGH POC This Week

emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Emlog
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17961 HIGH POC PATCH This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
10.0%
CVE-2018-17980 HIGH POC This Week

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nomachine
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.6%
CVE-2018-15592 HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15591 HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ivanti RCE Information Disclosure Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-18323 HIGH POC THREAT This Week

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Webpanel
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
70.7%
CVE-2018-18318 HIGH POC This Week

The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service 360 Mobile Phone N6 Pro Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-15539 HIGH This Week

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cockpit
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15593 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-18315 HIGH This Week

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Lemon
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1747 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Key Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy