Skip to main content
CVE-2018-20129 HIGH POC This Week

An issue was discovered in DedeCMS V5.7 SP2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

HP Code Injection RCE PHP Dedecms
NVD
CVSS 3.0
8.8
EPSS
8.2%
CVE-2018-8033 HIGH POC THREAT This Week

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ofbiz
NVD
CVSS 3.0
7.5
EPSS
25.7%
CVE-2018-20128 HIGH POC This Week

An issue was discovered in UsualToolCMS v8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Usualtoolcms
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-20127 HIGH POC This Week

An issue was discovered in zzzphp cms 1.5.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Zzzphp
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-15774 HIGH This Week

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-15754 HIGH This Week

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-13814 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-16557 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simatic S7 400 Firmware Simatic S7 400 Pn Dp V7 Firmware Simatic S7 400H Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2018-13813 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-13804 HIGH This Week

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic It Line Monitoring System Simatic It Production Suite Simatic It Ua Discrete Manufacturing
NVD
CVSS 3.0
8.1
EPSS
2.7%
CVE-2018-1887 HIGH PATCH This Week

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-20145 HIGH PATCH This Week

Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass Mosquitto
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-19118 HIGH This Week

Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Memory Corruption Denial Of Service Buffer Overflow Manageengine Adaudit Plus
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-1814 HIGH PATCH This Week

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-1665 HIGH PATCH This Week

IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-16556 HIGH This Week

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic S7 400 Firmware Simatic S7 400 Pn Dp V7 Firmware Simatic S7 400H Firmware Simatic S7 410 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-13815 HIGH This Week

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic S7 1200 Firmware Simatic S7 1500 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-13812 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
7.5
EPSS
3.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy