Skip to main content
CVE-2018-8880 HIGH POC THREAT This Week

Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quantum Bacnet Integration Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.0%
CVE-2018-10299 HIGH POC This Week

An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Beauty Ecosystem Coin
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-10303 HIGH This Week

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Foxit Reader Phantompdf
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-3850 HIGH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2018-10234 MEDIUM POC This Month

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP User Profile Membership
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10233 HIGH This Week

The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress User Profile Membership
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-8781 HIGH PATCH This Week

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Linux Linux Kernel Ubuntu Linux +4
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-10302 HIGH This Week

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
3.2%
CVE-2018-10301 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wd Instagram Feed
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-10300 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wd Instagram Feed
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-1106 MEDIUM This Month

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Packagekit Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9921 MEDIUM This Month

In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Cms Made Simple
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-4847 MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Apple Simatic Wincc Oa Operator
NVD
CVSS 3.0
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy