Skip to main content
CVE-2018-13134 MEDIUM POC This Month

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Archer C1200 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-13139 HIGH This Week

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-13133 HIGH This Week

Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Vyprvpn
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-13146 HIGH This Week

The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Lef
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13145 HIGH This Week

The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Javaswaptest
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13144 HIGH This Week

The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Pandora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-13132 HIGH This Week

Spadeico is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Spadeico
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13131 HIGH This Week

SpadePreSale is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Spadepresale
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13130 HIGH This Week

Bitotal (TFUND) is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Bitotal
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13129 HIGH This Week

SP8DE Token (SPX) is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sp8De
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13128 HIGH This Week

Etherty Token (ETY) is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Etherty Token
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13127 HIGH This Week

SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sp8De Presale Token
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13126 HIGH This Week

MoxyOnePresale is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Moxyonepresale
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-11429 HIGH This Week

ATLANT (ATL) is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Atlant
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-11335 HIGH This Week

GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Gvtoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13136 MEDIUM This Month

The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ultimate Member
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy