Skip to main content
CVE-2018-1217 CRITICAL POC THREAT Act Now

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dell Emc Avamar Emc Integrated Data Protection Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
46.6%
CVE-2018-9856 HIGH POC PATCH This Week

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kotti
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9864 MEDIUM POC This Month

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-9857 MEDIUM POC This Month

PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Match Clone Script
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-0545 CRITICAL Act Now

LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lxr
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-0556 HIGH This Week

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wzr 1750Dhp2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0554 HIGH This Week

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wzr 1750Dhp2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-5463 HIGH This Week

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Laquis Scada
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9862 HIGH PATCH This Week

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Docker Runv
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-0555 HIGH This Week

Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Wzr 1750Dhp2 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-1308 HIGH PATCH This Week

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Solr Debian Linux
NVD
CVSS 3.0
7.5
EPSS
20.9%
CVE-2018-0553 HIGH This Week

The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Iremocon Wifi
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2018-6182 MEDIUM This Month

Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mahara
NVD
CVSS 3.0
6.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy