Skip to main content
CVE-2018-1000861 CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Openshift Container Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
98.5%
CVE-2018-19991 CRITICAL POC Act Now

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Verynginx
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-20015 HIGH POC This Week

YzmCMS v5.2 has admin/role/add.html CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Yzmcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20004 HIGH POC This Week

An issue has been found in Mini-XML (aka mxml) 2.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mini Xml Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-1000863 HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal Openshift Container Platform
NVD
CVSS 3.0
8.2
EPSS
6.8%
CVE-2018-20051 HIGH POC This Week

Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jooan Ja Q1H Wi Fi Camera Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20050 HIGH POC This Week

Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jooan Ja Q1H Wi Fi Camera Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-20018 HIGH POC This Week

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi S Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-16636 MEDIUM POC This Month

Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nucleus Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-20001 MEDIUM POC This Month

In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-20006 MEDIUM POC This Month

An issue was discovered in PHPok v5.0.055. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-20005 MEDIUM POC This Month

An issue has been found in Mini-XML (aka mxml) 2.12. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Mini Xml Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-20002 MEDIUM POC PATCH This Month

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils Vasa Provider Traffix Signaling Delivery Controller
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-16635 MEDIUM POC This Month

Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Blackcat Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-15805 CRITICAL Act Now

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Prizmdoc
NVD
CVSS 3.0
9.1
EPSS
1.6%
CVE-2018-1000866 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Pipeline +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000865 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Script Security +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-20017 MEDIUM POC This Month

SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20012 MEDIUM POC This Month

PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpcmf
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20011 MEDIUM POC This Month

DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
4.4%
CVE-2018-20010 MEDIUM POC This Month

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
4.4%
CVE-2018-20009 MEDIUM POC This Month

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
4.4%
CVE-2018-3988 MEDIUM POC This Month

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Information Disclosure Private Messenger
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2018-20000 HIGH PATCH This Week

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Bw Webdav
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-15800 MEDIUM This Month

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bits Service
NVD
CVSS 3.0
6.8
EPSS
0.9%
CVE-2018-1279 MEDIUM This Month

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-1000864 MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-1671 MEDIUM PATCH This Month

IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-20029 MEDIUM This Month

The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Dokany Nomachine
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2018-1957 MEDIUM PATCH This Month

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1000862 MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy