Skip to main content
CVE-2018-20015 HIGH POC This Week

YzmCMS v5.2 has admin/role/add.html CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Yzmcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20004 HIGH POC This Week

An issue has been found in Mini-XML (aka mxml) 2.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mini Xml Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-1000863 HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal Openshift Container Platform
NVD
CVSS 3.0
8.2
EPSS
6.8%
CVE-2018-20051 HIGH POC This Week

Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jooan Ja Q1H Wi Fi Camera Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20050 HIGH POC This Week

Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jooan Ja Q1H Wi Fi Camera Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-20018 HIGH POC This Week

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi S Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-1000866 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Pipeline +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000865 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Script Security +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-20000 HIGH PATCH This Week

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Bw Webdav
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy