Skip to main content
CVE-2018-18748 CRITICAL POC Act Now

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sandboxie
NVD GitHub
CVSS 3.0
10.0
EPSS
2.4%
CVE-2018-18792 CRITICAL POC Act Now

An issue was discovered in zzcms 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18791 CRITICAL POC Act Now

An issue was discovered in zzcms 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18789 CRITICAL POC Act Now

An issue was discovered in zzcms 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18787 CRITICAL POC Act Now

An issue was discovered in zzcms 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18786 CRITICAL POC Act Now

An issue was discovered in zzcms 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18785 CRITICAL POC Act Now

An issue was discovered in zzcms 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18753 CRITICAL POC Act Now

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Typecho
NVD GitHub
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-18752 CRITICAL POC Act Now

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Webiness Inventory
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18751 CRITICAL POC Act Now

An issue was discovered in GNU gettext 0.19.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gettext Ubuntu Linux Enterprise Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-18729 CRITICAL POC Act Now

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware +3
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18728 CRITICAL POC Act Now

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda RCE Command Injection Ac9 Firmware Ac15 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-18705 CRITICAL POC Act Now

PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-18704 CRITICAL POC Act Now

PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-18702 CRITICAL POC Act Now

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18765 CRITICAL POC Act Now

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Mongoose
NVD GitHub
CVSS 3.0
9.1
EPSS
1.8%
CVE-2018-18764 CRITICAL POC Act Now

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Mongoose
NVD GitHub
CVSS 3.0
9.1
EPSS
1.8%
CVE-2018-18754 CRITICAL Act Now

ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Vmg3312 B10B Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy