Skip to main content
CVE-2018-14066 CRITICAL POC Act Now

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lenovo Google Android
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2018-14064 CRITICAL POC THREAT Act Now

The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Velotismart Wifi Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
37.6%
CVE-2018-14060 CRITICAL POC Act Now

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Xiaomi R3D Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-14010 CRITICAL POC Act Now

OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Xiaomi R3P Firmware Xiaomi R3C Firmware Xiaomi R3D Firmware Xiaomi R3
NVD GitHub
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-14065 CRITICAL PATCH Act Now

XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE PHP Common
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-14063 CRITICAL Act Now

The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Tracto
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy