Skip to main content
CVE-2018-3907 CRITICAL POC Act Now

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.4%
CVE-2018-11653 CRITICAL POC Act Now

Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ip Camera Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-3786 CRITICAL POC PATCH THREAT Act Now

A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Egg Scripts
NVD GitHub
CVSS 3.1
9.8
EPSS
12.3%
CVE-2018-15728 HIGH POC This Week

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Couchbase Server
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-3909 HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2018-15576 HIGH POC This Week

An issue was discovered in EasyLogin Pro through 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Easylogin Pro
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
9.7%
CVE-2018-11654 HIGH POC This Week

Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ip Camera Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-15535 HIGH POC THREAT This Week

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Responsive Filemanager
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
45.2%
CVE-2018-11502 MEDIUM POC This Month

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Moderator Log Notes
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-15120 MEDIUM POC PATCH THREAT This Month

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Pango Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
11.5%
CVE-2018-1722 CRITICAL Act Now

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Security Access Manager
NVD
CVSS 3.0
10.0
EPSS
9.0%
CVE-2018-14600 CRITICAL PATCH Act Now

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Libx11 Ubuntu Linux +1
NVD
CVSS 3.0
9.8
EPSS
9.3%
CVE-2018-14599 CRITICAL PATCH Act Now

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libx11 Ubuntu Linux Debian Linux Fedora +3
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-11749 CRITICAL Act Now

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-15536 MEDIUM POC This Month

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Responsive Filemanager
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
6.4%
CVE-2018-14059 MEDIUM POC PATCH This Month

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pimcore
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
3.1%
CVE-2018-11061 CRITICAL Act Now

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Rsa Netwitness Rsa Security Analytics
NVD
CVSS 3.0
9.1
EPSS
5.0%
CVE-2018-1699 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-15499 MEDIUM POC This Month

GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Microsoft Denial Of Service Gearaspiwdm
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-14598 HIGH PATCH This Week

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libx11 Ubuntu Linux Debian Linux Fedora
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2018-15605 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin before 4.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-1755 MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-11065 MEDIUM This Month

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Archer
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy