Skip to main content
CVE-2018-18923 CRITICAL POC Act Now

AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ticketly
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-18922 CRITICAL POC Act Now

add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ticketly
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-1821 CRITICAL POC THREAT Act Now

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM XXE Operational Decision Manager
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
15.8%
CVE-2018-20129 HIGH POC This Week

An issue was discovered in DedeCMS V5.7 SP2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

HP Code Injection RCE PHP Dedecms
NVD
CVSS 3.0
8.8
EPSS
8.2%
CVE-2018-8033 HIGH POC THREAT This Week

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ofbiz
NVD
CVSS 3.0
7.5
EPSS
25.7%
CVE-2018-20128 HIGH POC This Week

An issue was discovered in UsualToolCMS v8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Usualtoolcms
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-20127 HIGH POC This Week

An issue was discovered in zzzphp cms 1.5.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Zzzphp
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-7691 MEDIUM POC This Month

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fortify Software Security Center
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.2%
CVE-2018-7690 MEDIUM POC This Month

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fortify Software Security Center
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.4%
CVE-2018-19439 MEDIUM POC THREAT This Month

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle XSS Secure Global Desktop
NVD
CVSS 3.0
6.1
EPSS
20.5%
CVE-2018-1818 CRITICAL Act Now

IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-20138 MEDIUM POC This Month

PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Entrepreneur B2B Script
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-15774 HIGH This Week

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-15754 HIGH This Week

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-20137 MEDIUM POC This Month

XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fuel Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20136 MEDIUM POC This Month

XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fuel Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-13814 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-16557 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simatic S7 400 Firmware Simatic S7 400 Pn Dp V7 Firmware Simatic S7 400H Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2018-13813 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-13804 HIGH This Week

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic It Line Monitoring System Simatic It Production Suite Simatic It Ua Discrete Manufacturing
NVD
CVSS 3.0
8.1
EPSS
2.7%
CVE-2018-1887 HIGH PATCH This Week

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-20145 HIGH PATCH This Week

Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass Mosquitto
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-19118 HIGH This Week

Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Memory Corruption Denial Of Service Buffer Overflow Manageengine Adaudit Plus
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-1814 HIGH PATCH This Week

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-1665 HIGH PATCH This Week

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-16556 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic S7 400 Firmware Simatic S7 400 Pn Dp V7 Firmware Simatic S7 400H Firmware Simatic S7 410 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-13815 HIGH This Week

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 1200 Firmware Simatic S7 1500 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-13812 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-15776 MEDIUM This Month

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac7 Firmware Idrac8 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-19039 MEDIUM PATCH This Month

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Grafana Information Disclosure Ceph Storage Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
6.5
EPSS
7.3%
CVE-2018-1813 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1817 MEDIUM This Month

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1815 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1803 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Security Access Manager
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-19364 MEDIUM PATCH This Month

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Qemu Ubuntu Linux +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-13811 MEDIUM This Month

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Step 7 Tia Portal
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-5411 MEDIUM This Month

Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tractor
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1740 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Access Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1667 MEDIUM PATCH This Month

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Datapower Gateway
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16555 MEDIUM This Month

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions <. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Scalance S602 Firmware Scalance S612 Firmware Scalance S623 Firmware +1
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1653 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Access Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-16872 MEDIUM PATCH This Month

A flaw was found in qemu Media Transfer Protocol (MTP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Qemu Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-1886 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-19489 MEDIUM PATCH This Month

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Qemu Debian Linux Fedora +2
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2018-1805 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-12076 MEDIUM This Month

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Market Card
NVD
CVSS 3.0
4.2
EPSS
0.3%
CVE-2018-1804 LOW PATCH Monitor

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Session Fixation IBM Information Disclosure Security Access Manager
NVD
CVSS 3.0
3.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy