Skip to main content
CVE-2018-9856 HIGH POC PATCH This Week

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kotti
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0556 HIGH This Week

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wzr 1750Dhp2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0554 HIGH This Week

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wzr 1750Dhp2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-5463 HIGH This Week

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Laquis Scada
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9862 HIGH PATCH This Week

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Docker Runv
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-0555 HIGH This Week

Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Wzr 1750Dhp2 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-1308 HIGH PATCH This Week

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Solr Debian Linux
NVD
CVSS 3.0
7.5
EPSS
20.9%
CVE-2018-0553 HIGH This Week

The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Iremocon Wifi
NVD
CVSS 3.0
7.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy