Skip to main content
CVE-2018-11714 CRITICAL POC THREAT Act Now

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure TP-Link Tl Wr840N Firmware Tl Wr841n Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.5%
CVE-2018-11711 CRITICAL POC Act Now

A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mf210 Firmware Mf220 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
5.3%
CVE-2018-11692 CRITICAL POC Act Now

An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lbp3370 Firmware Lbp3460 Firmware Lbp7750C Firmware Lbp6650 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
4.6%
CVE-2018-3853 HIGH POC This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2018-11696 HIGH POC This Week

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-11695 HIGH POC This Week

An issue was discovered in LibSass <3.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-11694 HIGH POC This Week

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-11698 HIGH POC This Week

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsass
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-11697 HIGH POC This Week

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsass
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-11693 HIGH POC This Week

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsass
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-11709 MEDIUM POC This Month

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Wpforo Forum
NVD
CVSS 3.0
6.1
EPSS
3.6%
CVE-2018-10611 CRITICAL Act Now

Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass RCE Mds Pulsenet
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-11715 MEDIUM POC This Month

The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Recent Threads
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-11710 HIGH PATCH This Week

soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Libopenmpt
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-11685 HIGH This Week

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Liblouis Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-11684 HIGH This Week

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Liblouis Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-11683 HIGH This Week

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Liblouis Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-10615 HIGH This Week

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mds Pulsenet
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2018-1600 HIGH This Week

IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-11712 HIGH PATCH This Week

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10613 HIGH This Week

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XXE Mds Pulsenet
NVD
CVSS 3.0
7.5
EPSS
18.3%
CVE-2018-11713 MEDIUM PATCH This Month

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Libsoup
NVD
CVSS 3.0
6.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy