Skip to main content
CVE-2018-15745 HIGH POC THREAT This Week

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dvr
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
97.7%
CVE-2018-14903 HIGH POC This Week

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wf 2750 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-14902 HIGH POC This Week

The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Iprint
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-14901 HIGH POC This Week

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Iprint
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-14900 HIGH POC This Week

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wf 2750 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-16238 HIGH POC This Week

An issue was discovered in damiCMS V6.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Damicms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-15480 HIGH This Week

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11718 HIGH This Week

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pc2R Firmware Pc3 Firmware Pc2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14317 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-11616 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Foxmail
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2018-15478 HIGH This Week

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-15476 HIGH This Week

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-10936 HIGH PATCH This Week

A weakness was found in postgresql-jdbc before version 42.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PostgreSQL Postgresql Jdbc Driver Enterprise Linux
NVD
CVSS 3.0
8.1
EPSS
2.9%
CVE-2018-15363 HIGH This Week

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Information Disclosure Buffer Overflow Antivirus Security +3
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-10514 HIGH This Week

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus Security Internet Security Maximum Security +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10513 HIGH This Week

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deserialization Antivirus Security Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-14619 HIGH PATCH This Week

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-16140 HIGH This Week

A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ubuntu Linux Fig2Dev
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-16231 HIGH This Week

Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pftp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-11720 HIGH This Week

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pc2R Firmware Pc3 Firmware Pc2 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-13823 HIGH PATCH This Week

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Project Portfolio Management
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-13822 HIGH PATCH This Week

Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Project Portfolio Management
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-13820 HIGH This Week

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Infrastructure Management
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13819 HIGH This Week

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Infrastructure Management
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-16131 HIGH PATCH This Week

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Akka Http
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-14622 HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-14621 HIGH PATCH This Week

An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libtirpc
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-11615 HIGH PATCH This Week

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Mosca
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-16058 HIGH This Week

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-16057 HIGH This Week

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2018-16056 HIGH This Week

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy