Skip to main content
CVE-2018-4233 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
53.8%
CVE-2018-4237 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Iphone Os Mac Os X Tvos +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
13.9%
CVE-2018-12065 CRITICAL POC Act Now

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Witycms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-10088 CRITICAL POC THREAT Act Now

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Uc Httpd
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
40.4%
CVE-2018-12055 CRITICAL POC Act Now

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Schools Alert Management Script
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-12052 CRITICAL POC Act Now

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Schools Alert Management Script
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-12051 CRITICAL POC Act Now

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Schools Alert Management Script
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-12049 CRITICAL POC Act Now

A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lbp6030W Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-12048 CRITICAL POC Act Now

A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lbp7110Cw Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-12045 CRITICAL POC Act Now

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-4222 HIGH POC THREAT This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft RCE Information Disclosure Apple +7
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-4218 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft RCE Use After Free Denial Of Service +9
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.1%
CVE-2018-4200 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft RCE Use After Free Denial Of Service +8
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
8.7%
CVE-2018-4249 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow RCE Denial Of Service Apple +4
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2018-4243 HIGH POC THREAT This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Apple Apple Tv Iphone Os +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
18.8%
CVE-2018-4241 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Apple Apple Tv Iphone Os +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
8.2%
CVE-2018-4206 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Apple Apple Tv +3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.0%
CVE-2018-4193 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.7%
CVE-2018-4227 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Iphone Os Mac Os X
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-4192 HIGH POC THREAT This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE Apple Safari +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.5%
CVE-2018-12054 HIGH POC THREAT This Week

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Schools Alert Management Script
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
39.4%
CVE-2018-12053 HIGH POC THREAT This Week

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Schools Alert Management Script
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
11.0%
CVE-2018-12046 HIGH POC This Week

DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dedecms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-4230 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Nvidia RCE Apple Mac Os X
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
4.2%
CVE-2018-4240 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Iphone Os Mac Os X Tvos +1
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.0%
CVE-2018-9182 MEDIUM POC This Month

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Twonky Server
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-9177 MEDIUM POC This Month

Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Twonky Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12047 MEDIUM POC This Month

xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-4229 CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.0
10.0
EPSS
2.1%
CVE-2018-0225 CRITICAL Act Now

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Appdynamics App Iq
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-12064 CRITICAL Act Now

tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Tinyexr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-9246 CRITICAL Act Now

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pgobject Util Dbadmin Ledgersmb
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-11229 CRITICAL Act Now

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Crestron Toolbox Protocol Firmware
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2018-11228 CRITICAL Act Now

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Crestron Toolbox Protocol Firmware
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2018-11409 MEDIUM POC THREAT This Month

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Splunk Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
98.4%
CVE-2018-4246 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Apple Safari Iphone Os +5
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-4220 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Apple Swift
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-4214 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Buffer Overflow Apple Safari +5
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-4204 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +5
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-4201 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +6
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-4199 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Denial Of Service Apple +6
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-4190 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Apple Safari Iphone Os +4
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-8926 HIGH This Week

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Synology Photo Station
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-8925 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Synology PHP Photo Station
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-8916 HIGH This Week

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1453 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Identity Manager
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-4242 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Apple Mac Os X
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-4236 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Apple Mac Os X
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-4234 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Apple Mac Os X
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-4219 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.0
7.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy