Skip to main content
CVE-2018-15728 HIGH POC This Week

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Couchbase Server
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-3909 HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2018-15576 HIGH POC This Week

An issue was discovered in EasyLogin Pro through 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Easylogin Pro
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
9.7%
CVE-2018-11654 HIGH POC This Week

Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ip Camera Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-15535 HIGH POC THREAT This Week

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Responsive Filemanager
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
45.2%
CVE-2018-1699 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-14598 HIGH PATCH This Week

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libx11 Ubuntu Linux Debian Linux Fedora
NVD
CVSS 3.0
7.5
EPSS
4.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy