Skip to main content
CVE-2018-1000124 CRITICAL POC Act Now

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP I Librarian
NVD GitHub
CVSS 3.1
10.0
EPSS
1.8%
CVE-2018-7750 CRITICAL POC PATCH THREAT Act Now

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Paramiko Ansible Engine Cloudforms Virtualization +7
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
27.1%
CVE-2018-1000125 CRITICAL Act Now

inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prime Jwt
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000123 CRITICAL PATCH Act Now

Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Ios Keychain
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-6300 CRITICAL Act Now

Remote password change in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-6299 CRITICAL Act Now

Authentication bypass in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-6298 CRITICAL Act Now

Remote code execution in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-6297 CRITICAL Act Now

Buffer overflow in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-6295 CRITICAL Act Now

Unencrypted way of remote control and communications in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-6294 CRITICAL Act Now

Unsecured way of firmware update in Hanwha Techwin Smartcams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Snh V6410Pn Firmware Snh V6410Pnw Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-1000076 CRITICAL PATCH Act Now

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Rubygems Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy