Skip to main content
CVE-2018-20157 HIGH POC This Week

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Openrefine
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-20159 HIGH POC This Week

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP I Doit
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
9.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy