Skip to main content
CVE-2018-9128 HIGH POC This Week

DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Dvd X Player
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.9%
CVE-2018-9158 HIGH POC This Week

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure M1033 W Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-9156 HIGH POC This Week

An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Apache RCE P1354 Firmware
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-9149 MEDIUM POC This Month

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Ac3000 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-9172 MEDIUM POC This Month

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Wordpress File Upload
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
3.2%
CVE-2018-6849 MEDIUM POC THREAT This Month

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Duckduckgo
NVD GitHub Exploit-DB
CVSS 3.0
4.3
EPSS
30.1%
CVE-2018-9157 HIGH This Week

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Apache RCE M1033 W Firmware
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-9165 MEDIUM PATCH This Month

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy