Skip to main content
CVE-2018-19138 HIGH POC This Week

WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wstmart
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-17612 HIGH POC PATCH This Week

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Headsetup Windows 10 Windows 7 +6
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-19125 HIGH POC PATCH THREAT This Week

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prestashop
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
10.8%
CVE-2018-15796 HIGH This Week

Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bits Service
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-1834 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1802 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1781 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1780 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1774 HIGH This Week

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Api Connect
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-19124 HIGH PATCH This Week

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Prestashop
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy