Skip to main content
CVE-2018-10718 CRITICAL POC THREAT Act Now

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Call Of Duty Modern Warfare 2
NVD GitHub Exploit-DB
CVSS 3.0
10.0
EPSS
31.2%
CVE-2018-10168 HIGH POC This Week

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-10166 HIGH POC This Week

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10717 HIGH POC PATCH This Week

The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Ngiflib
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-10713 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-10167 HIGH POC This Week

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Eap Controller
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10716 MEDIUM POC This Month

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 2345 Security Guard
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10165 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10164 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10666 HIGH This Week

The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Idex Membership
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-4849 HIGH This Week

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Siemens Apple Siveillance Vms Video
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2018-10689 MEDIUM PATCH This Month

blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Linux Buffer Overflow Blktrace
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-8003 MEDIUM This Month

Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Ambari
NVD
CVSS 3.0
5.3
EPSS
4.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy