Skip to main content
CVE-2018-18773 HIGH POC This Week

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Webpanel
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-18772 HIGH POC This Week

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Command Injection PHP Webpanel
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-18865 HIGH POC This Week

The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Royal Ts Royal Tsx
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
8.0%
CVE-2018-18859 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18858 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18857 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18856 HIGH POC This Week

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Liquidvpn
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18440 HIGH POC This Week

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow U Boot
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-19396 HIGH POC This Week

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization PHP
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-19395 HIGH POC This Week

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service PHP
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-18562 HIGH This Week

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-18561 HIGH This Week

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Firmware Base Unit Hub Firmware
NVD
CVSS 3.0
8.0
EPSS
0.7%
CVE-2018-1779 HIGH PATCH This Week

IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Api Connect
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-18564 HIGH This Week

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware
NVD
CVSS 3.0
7.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy