Skip to main content
CVE-2018-3875 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-16705 CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-16591 CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-16771 CRITICAL POC Act Now

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Hoosk
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-3897 HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-3896 HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-16608 HIGH POC This Week

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Monstra
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-16782 HIGH POC This Week

libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imageworsener
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-16770 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16769 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16768 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16767 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16766 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16765 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16764 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16797 HIGH POC This Week

A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Potplayer
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16774 HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Hongcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-15886 HIGH POC This Week

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Code Injection RCE PHP Monstra
NVD GitHub
CVSS 3.0
7.2
EPSS
1.6%
CVE-2018-16806 MEDIUM POC This Month

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Passive Keyless Entry And Start System Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-14620 CRITICAL Act Now

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2018-16780 MEDIUM POC This Month

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Complete Responsive Cms Blog
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-16776 MEDIUM POC This Month

wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Witycms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-16775 MEDIUM POC This Month

An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Victor Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-16773 MEDIUM POC This Month

EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-16772 MEDIUM POC This Month

Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hoosk
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-16790 HIGH PATCH This Week

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libbson
NVD GitHub
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-16802 HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2018-12608 HIGH PATCH This Week

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Docker Moby
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-11775 HIGH PATCH This Week

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Apache Information Disclosure Activemq Enterprise Repository +1
NVD
CVSS 3.0
7.4
EPSS
7.0%
CVE-2018-14625 HIGH PATCH This Week

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +2
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-14635 MEDIUM PATCH This Month

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openstack Neutron
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-16781 MEDIUM This Month

ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16779 MEDIUM This Month

BlogCMS through 2016-10-25 has XSS via a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Blogcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14636 MEDIUM PATCH This Month

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Neutron
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-16805 MEDIUM This Month

In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Solo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy