Skip to main content
CVE-2018-3895 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-15901 HIGH POC This Week

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP E107
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15884 HIGH POC This Week

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C4504Ex Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-15571 HIGH POC This Week

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Export Users To Csv
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
1.5%
CVE-2018-3916 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-14572 HIGH POC This Week

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Conference Scheduler Cli
NVD GitHub
CVSS 3.0
7.8
EPSS
2.4%
CVE-2018-3908 HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-15529 HIGH This Week

A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mutiny
NVD GitHub
CVSS 3.0
8.8
EPSS
4.8%
CVE-2018-15911 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy