Skip to main content
CVE-2018-10740 CRITICAL POC Act Now

Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Axublog
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-10562 CRITICAL POC KEV THREAT Act Now

An issue was discovered on Dasan GPON home routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gpon Router Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2018-10561 CRITICAL POC KEV THREAT Act Now

An issue was discovered on Dasan GPON home routers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gpon Router Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.9%
CVE-2018-10750 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-10749 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10748 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10747 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10746 HIGH POC This Week

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Dsl 3782 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-10641 HIGH POC This Week

D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 601 Firmware
NVD GitHub
CVSS 3.0
8.1
EPSS
1.8%
CVE-2018-10722 HIGH POC This Week

In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cylanceprotect
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-9154 HIGH POC This Week

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-10733 MEDIUM POC This Month

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libgxps Ansible Tower +4
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10251 CRITICAL Act Now

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Aleos
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-8869 CRITICAL Act Now

In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ids 2102 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-8865 CRITICAL Act Now

In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Ids 2102 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2018-10739 MEDIUM POC This Month

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 2345 Security Guard
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10726 MEDIUM POC This Month

A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yellow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-7509 HIGH This Week

WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Wplsoft
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-7507 HIGH This Week

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Wplsoft
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-7494 HIGH This Week

WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Wplsoft
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-8853 HIGH This Week

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Brilliance Firmware 64 Brilliance Ict Sp Firmware Brilliance Ict Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-8861 HIGH This Week

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Brilliance Firmware 64 Brilliance Ict Sp Firmware Brilliance Ict Firmware +1
NVD
CVSS 3.0
8.7
EPSS
0.4%
CVE-2018-8872 HIGH This Week

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Schneider Electric Buffer Overflow Triconex Tricon Mp 3008 Firmware
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-9063 HIGH This Week

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo RCE Buffer Overflow System Update
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8857 HIGH This Week

Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Brilliance Firmware 64 Brilliance Ict Sp Firmware Brilliance Ict Firmware Brilliance Ct Big Bore Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-7522 MEDIUM This Month

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Triconex Tricon Mp 3008 Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-5446 MEDIUM This Month

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure 2090 Carelink Programmer Firmware
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2018-10229 MEDIUM This Month

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Chrome Firefox Nexus 5
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-5448 MEDIUM This Month

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Rated medium severity (CVSS 4.8). No vendor patch available.

Path Traversal 2090 Carelink Programmer Firmware
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy