Skip to main content
CVE-2018-20508 CRITICAL POC Act Now

CrashFix 1.0.4 has SQL Injection via the User[status] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crashfix
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20519 HIGH POC This Week

An issue was discovered in 74cms v4.2.111. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP 74Cms
NVD GitHub
CVSS 3.0
8.1
EPSS
1.0%
CVE-2018-20524 MEDIUM POC This Month

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chat Anywhere
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20520 MEDIUM POC This Month

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-20511 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.18.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy