Skip to main content
CVE-2018-19422 HIGH POC PATCH THREAT Act Now

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Subrion Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
64.3%
CVE-2018-19417 CRITICAL POC Act Now

An issue was discovered in the MQTT server in Contiki-NG before 4.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
10.0
EPSS
5.7%
CVE-2018-19410 CRITICAL POC KEV THREAT Act Now

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prtg Network Monitor
NVD
CVSS 3.1
9.8
EPSS
86.5%
CVE-2018-19416 HIGH POC This Week

An issue was discovered in sysstat 12.1.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sysstat
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-19423 HIGH POC THREAT This Week

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Codiad
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
18.0%
CVE-2018-19404 HIGH POC This Week

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Yxcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.6%
CVE-2018-19409 CRITICAL Act Now

An issue was discovered in Artifex Ghostscript before 9.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2018-19411 HIGH This Week

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Prtg Network Monitor
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-19421 LOW POC Monitor

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Getsimple Cms
NVD GitHub
CVSS 3.0
3.8
EPSS
0.8%
CVE-2018-19420 LOW POC Monitor

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Getsimple Cms
NVD GitHub
CVSS 3.0
3.8
EPSS
0.8%
CVE-2018-19424 HIGH This Week

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Clippercms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-19407 MEDIUM PATCH This Month

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-19406 MEDIUM PATCH This Month

kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1843 MEDIUM PATCH This Month

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. Rated medium severity (CVSS 4.1). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM Information Disclosure Cloud Private
NVD
CVSS 3.0
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy