Skip to main content
CVE-2018-11094 CRITICAL POC THREAT Act Now

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ncloud 300 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
35.6%
CVE-2018-11126 HIGH POC This Week

dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Doorgets
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-11098 HIGH POC This Week

An issue was discovered in Frog CMS 0.9.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-11105 MEDIUM POC PATCH This Month

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Live Chat
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-8845 CRITICAL Act Now

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Webaccess Webaccess Dashboard +2
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2018-7505 CRITICAL Act Now

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Webaccess Webaccess Dashboard Webaccess Scada +1
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-7499 CRITICAL Act Now

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Webaccess Webaccess Dashboard +2
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2018-7497 CRITICAL Act Now

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-10589 CRITICAL Act Now

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Webaccess Webaccess Dashboard Webaccess Scada +1
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-1131 HIGH PATCH This Week

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Infinispan Jboss Data Grid
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-11100 HIGH This Week

The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-11095 HIGH This Week

The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-8841 HIGH This Week

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1087 HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-7503 HIGH This Week

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-7501 HIGH This Week

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-7495 HIGH This Week

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-10590 HIGH This Week

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-11102 HIGH This Week

An issue was discovered in Libav 12.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libav
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-11097 HIGH This Week

An issue was discovered in cloudwu/cstring through 2016-11-09. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cstring
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1262 HIGH PATCH This Week

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cloud Foundry Uaa Cloud Foundry Uaa Release Cf Deployment
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-11127 MEDIUM This Month

e107 2.1.7 has CSRF resulting in arbitrary user deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF E107
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-3611 MEDIUM This Month

Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Denial Of Service Graphics Driver
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-10591 MEDIUM This Month

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Webaccess Webaccess Dashboard Webaccess Scada Webaccess Nms
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-3661 MEDIUM This Month

Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Syscfg Selview
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-3634 MEDIUM This Month

Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Online Connect Access
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2018-10825 MEDIUM This Month

Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Mimo Baby 2 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2018-1263 MEDIUM PATCH This Month

Addresses partial fix in CVE-2018-1261. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Java Path Traversal Spring Integration Zip
NVD
CVSS 3.1
4.7
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy