Skip to main content
CVE-2018-3952 HIGH POC This Week

An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Command Injection Nordvpn
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-12897 HIGH POC This Week

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Dameware Mini Remote Control
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-4010 HIGH POC This Week

An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Command Injection Protonvpn
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2018-16454 HIGH POC This Week

PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Currency Converter Script
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-15552 HIGH POC This Week

The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure The Ethereum Lottery
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2018-1756 HIGH POC PATCH THREAT This Week

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi IBM Security Identity Governance And Intelligence
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.6%
CVE-2018-0663 HIGH This Week

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ts Wrlp Firmware Ts Wrlp E Firmware Ts Wrla Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-0661 HIGH This Week

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ts Wrlp Firmware Ts Wrlp E Firmware Ts Wrla Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-0647 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wl 330Nul Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16650 HIGH PATCH This Week

phpMyFAQ before 2.9.11 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Phpmyfaq
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16666 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-16663 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0649 HIGH This Week

Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Eset Information Disclosure Compusec Deslock Pro Internet Security +3
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-0648 HIGH This Week

Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Chatwork
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-0624 HIGH This Week

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aoiro Shinkoku Hanbai Kaikei Kokyaku Kanri +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0623 HIGH This Week

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aoiro Shinkoku Hanbai Kaikei Kokyaku Kanri +2
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-15483 HIGH This Week

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Group Controller Firmware
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-0650 HIGH This Week

The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Line Music
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2018-0658 HIGH This Week

Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Ec Cube Payment Module Gmo Pg Payment Module
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-16651 HIGH This Week

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Phpmyfaq
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-16667 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-16664 HIGH This Week

An issue was discovered in Contiki-NG through 4.1. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy