Skip to main content
CVE-2018-16709 CRITICAL POC Act Now

Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docucentre V 3065 Firmware Apeosport V C4475 Firmware Apeosport Vi C3371 Firmware Apeosport V C3375 Firmware +5
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-16460 CRITICAL POC PATCH Act Now

A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Ps
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-16657 CRITICAL POC Act Now

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service RCE Debian Linux Kamailio
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-15474 CRITICAL POC Act Now

CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Information Disclosure PHP Dokuwiki
NVD GitHub
CVSS 3.0
9.6
EPSS
3.3%
CVE-2018-15486 CRITICAL POC Act Now

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Group Controller Firmware
NVD
CVSS 3.0
9.1
EPSS
2.1%
CVE-2018-16710 CRITICAL POC Act Now

OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Octoprint
NVD GitHub
CVSS 3.0
9.1
EPSS
2.1%
CVE-2018-3952 HIGH POC This Week

An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Command Injection Nordvpn
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-12897 HIGH POC This Week

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Dameware Mini Remote Control
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-4010 HIGH POC This Week

An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Command Injection Protonvpn
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2018-16454 HIGH POC This Week

PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Currency Converter Script
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-15552 HIGH POC This Week

The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure The Ethereum Lottery
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2018-1756 HIGH POC PATCH THREAT This Week

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi IBM Security Identity Governance And Intelligence
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.6%
CVE-2018-14398 MEDIUM POC This Month

An issue was discovered in Creme CRM 1.6.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cremecrm
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16655 MEDIUM POC This Month

Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gxlcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16654 MEDIUM POC This Month

Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo Crm
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16653 MEDIUM POC This Month

rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rejucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1789 CRITICAL PATCH Act Now

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Api Connect
NVD
CVSS 3.0
9.9
EPSS
1.2%
CVE-2018-15484 CRITICAL Act Now

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Group Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
7.7%
CVE-2018-1567 CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0645 CRITICAL Act Now

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP Mtappjquery
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-9283 MEDIUM POC This Month

An XSS issue was discovered in CremeCRM 1.6.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cremecrm
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-16363 MEDIUM POC PATCH This Month

The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP File Manager
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2018-14397 MEDIUM POC This Month

An issue was discovered in Creme CRM 1.6.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cremecrm
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-14396 MEDIUM POC This Month

An issue was discovered in Creme CRM 1.6.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cremecrm
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-16059 MEDIUM POC THREAT This Month

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wirelesshart Fieldgate Swg70 Firmware
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
29.8%
CVE-2018-15485 CRITICAL Act Now

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Group Controller Firmware
NVD
CVSS 3.0
9.1
EPSS
2.5%
CVE-2018-0663 HIGH This Week

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ts Wrlp Firmware Ts Wrlp E Firmware Ts Wrla Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-0661 HIGH This Week

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ts Wrlp Firmware Ts Wrlp E Firmware Ts Wrla Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-0647 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wl 330Nul Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16650 HIGH PATCH This Week

phpMyFAQ before 2.9.11 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Phpmyfaq
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16666 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-16663 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0649 HIGH This Week

Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Eset Information Disclosure Compusec Deslock Pro Internet Security +3
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-0648 HIGH This Week

Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Chatwork
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-0624 HIGH This Week

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aoiro Shinkoku Hanbai Kaikei Kokyaku Kanri +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0623 HIGH This Week

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aoiro Shinkoku Hanbai Kaikei Kokyaku Kanri +2
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-15483 HIGH This Week

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Group Controller Firmware
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-0650 HIGH This Week

The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Line Music
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2018-0658 HIGH This Week

Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Ec Cube Payment Module Gmo Pg Payment Module
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-16651 HIGH This Week

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Phpmyfaq
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-16667 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-16664 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-0662 MEDIUM This Month

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ts Wrlp Firmware Ts Wrlp E Firmware Ts Wrla Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-0643 MEDIUM This Month

Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ubuntu Linux Online Receipt Computer Advantage
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2018-0644 MEDIUM This Month

Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16665 MEDIUM This Month

An issue was discovered in Contiki-NG through 4.1. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2018-16658 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.18.6. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-0654 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0653 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0642 MEDIUM This Month

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fv Flowplayer Video Player
NVD
CVSS 3.0
6.1
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy