Skip to main content
CVE-2018-20452 HIGH POC This Week

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libxls
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20463 HIGH POC THREAT This Week

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Path Traversal PHP Jsmol2Wp
NVD
CVSS 3.0
7.5
EPSS
13.1%
CVE-2018-20437 HIGH POC PATCH This Week

An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Febs Shiro
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-20465 HIGH POC This Week

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Craft Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy