Skip to main content
CVE-2018-18955 HIGH POC PATCH Act Now

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID. Rated high severity (CVSS 7.0). Public exploit code available.

Authentication Bypass Privilege Escalation Linux Linux Kernel Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
7.6%
CVE-2018-19318 HIGH POC This Week

SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Srcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19312 HIGH POC PATCH This Week

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-18799 HIGH POC This Week

School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Attendance Monitoring System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18797 HIGH POC This Week

School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Attendance Monitoring System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18794 HIGH POC This Week

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Event Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18759 HIGH POC This Week

Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Modbus Slave
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.8%
CVE-2018-18756 HIGH POC This Week

Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Local Server
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-7363 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn F670 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-7362 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn F670 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-19296 HIGH PATCH This Week

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Phpmailer Debian Linux Fedora WordPress
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2018-16396 HIGH This Week

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruby Ubuntu Linux Debian Linux Enterprise Linux
NVD
CVSS 3.0
8.1
EPSS
8.0%
CVE-2018-15769 HIGH PATCH This Week

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bsafe Application Testing Suite Communications Analytics Communications Ip Service Activator +8
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-9086 HIGH PATCH This Week

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Lenovo RCE Command Injection Thinkserver Rd340 Firmware Thinkserver Rd440 Firmware +2
NVD
CVSS 3.0
7.2
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy