Skip to main content
CVE-2018-9112 CRITICAL POC Act Now

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ap Fc4064 T Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-8824 CRITICAL POC Act Now

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive Mega Menu Pro Prestashop
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-10942 CRITICAL POC THREAT Act Now

modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Attribute Wizard
NVD
CVSS 3.0
9.8
EPSS
12.7%
CVE-2018-10957 HIGH POC This Week

CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 868l Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-10977 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10976 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10975 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10974 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10655 HIGH POC THREAT This Week

DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Plug And Play Auditor
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
15.6%
CVE-2018-10955 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10954 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10953 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10952 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10973 HIGH POC This Week

An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Koreashow
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-10706 HIGH POC This Week

An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Social Chain
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-8061 HIGH POC This Week

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Amd64 Kernel Driver
NVD GitHub
CVSS 3.0
7.1
EPSS
0.4%
CVE-2018-10963 MEDIUM POC This Month

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
3.8%
CVE-2018-10958 MEDIUM POC This Month

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-8914 CRITICAL Act Now

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Synology Media Server
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-8060 MEDIUM POC This Month

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Amd64 Kernel Driver
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-10962 MEDIUM POC This Month

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 2345 Security Guard
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9111 MEDIUM POC This Month

Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ap Fc4064 T Firmware
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10314 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-1115 CRITICAL PATCH Act Now

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure PostgreSQL Leap
NVD
CVSS 3.1
9.1
EPSS
4.0%
CVE-2018-10982 HIGH PATCH This Week

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-7941 HIGH This Week

Huawei iBMC V200R002C60 have an authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Ch121 V3 Firmware Ch121L V3 Firmware Ch140 V3 Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-3649 HIGH This Week

DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Dual Band Wireless Ac 3160 Dual Band Wireless Ac 7260 +16
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-3612 HIGH This Week

Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Bios Ayaplcel 86A Bnkbl357 86A +15
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10972 HIGH This Week

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Free Lossless Image Format
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-7933 HIGH This Week

Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Huawei Path Traversal Hirouter Cd20 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-10981 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Debian Linux Xen
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-10951 MEDIUM This Month

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2018-7940 MEDIUM This Month

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate 9 Firmware Mate 9 Pro Firmware
NVD
CVSS 3.0
6.2
EPSS
0.3%
CVE-2018-10803 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF XSS Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1118 MEDIUM This Month

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux Ubuntu Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10971 MEDIUM This Month

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Flif
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-9849 MEDIUM This Month

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Pulse Connect Secure
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-1130 MEDIUM PATCH This Month

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-8915 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Calendar
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-8910 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Drive Server
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-6246 MEDIUM This Month

In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Nvidia Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-10950 MEDIUM This Month

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-10949 MEDIUM This Month

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-6254 LOW Monitor

In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Nvidia Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy