Skip to main content
CVE-2018-13417 CRITICAL POC THREAT Act Now

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Bittorrent Client
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.7%
CVE-2018-13415 CRITICAL POC THREAT Act Now

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Media Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.8%
CVE-2018-15124 CRITICAL Act Now

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zipabox Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-15123 CRITICAL Act Now

Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zipabox Firmware
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-15145 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-15143 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-6414 CRITICAL Act Now

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision RCE Buffer Overflow Ip Cameras
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-5924 CRITICAL Act Now

A security vulnerability has been identified with certain HP Inkjet printers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Memory Corruption RCE Buffer Overflow T8X44 Firmware +269
NVD
CVSS 3.0
9.8
EPSS
12.2%
CVE-2018-0714 CRITICAL Act Now

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Helpdesk
NVD
CVSS 3.0
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy