Skip to main content
CVE-2018-9149 MEDIUM POC This Month

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Ac3000 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-9172 MEDIUM POC This Month

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Wordpress File Upload
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
3.2%
CVE-2018-6849 MEDIUM POC THREAT This Month

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Duckduckgo
NVD GitHub Exploit-DB
CVSS 3.0
4.3
EPSS
30.1%
CVE-2018-9165 MEDIUM PATCH This Month

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy