Skip to main content
CVE-2018-20188 HIGH POC This Week

FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fuel Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20167 HIGH POC PATCH This Week

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Terminology
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-7812 HIGH POC This Week

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-18250 HIGH POC This Week

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga Web 2
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-19295 HIGH PATCH This Week

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7833 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20092 HIGH This Week

PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Thingworx Platform
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-16596 HIGH This Week

A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption RCE Buffer Overflow Internet Box Standard Firmware Internet Box Light Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy