Skip to main content
CVE-2018-8440 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1703 Windows 10 1709 +7
NVD
CVSS 3.1
7.8
EPSS
18.4%
CVE-2018-17023 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gt Ac5300 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16796 HIGH POC This Week

HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Grc Suite
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-16745 HIGH POC This Week

An issue was discovered in mgetty before 1.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mgetty
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16744 HIGH POC This Week

An issue was discovered in mgetty before 1.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mgetty
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-16743 HIGH POC This Week

An issue was discovered in mgetty before 1.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mgetty
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16742 HIGH POC This Week

An issue was discovered in mgetty before 1.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mgetty
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16741 HIGH POC This Week

An issue was discovered in mgetty before 1.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mgetty Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-8410 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.0%
CVE-2018-17020 HIGH POC This Week

ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gt Ac5300 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-16985 HIGH POC This Week

In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Lizard
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-8474 HIGH POC THREAT This Week

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Lync For Mac
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
38.2%
CVE-2018-8467 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
69.0%
CVE-2018-8466 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
69.0%
CVE-2018-8269 HIGH POC PATCH THREAT This Week

A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Denial Of Service Microsoft Data Odata
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
25.7%
CVE-2018-8469 HIGH POC PATCH THREAT This Week

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Edge
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
15.4%
CVE-2018-8463 HIGH POC PATCH THREAT This Week

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Edge
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
15.4%
CVE-2018-17022 HIGH POC This Week

Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Gt Ac5300 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-16987 HIGH POC This Week

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Squash Tm
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-17018 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17017 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17016 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17015 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17014 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17013 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17012 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17011 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17010 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17009 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17008 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17007 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17006 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17005 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17004 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17000 MEDIUM POC This Month

A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
3.3%
CVE-2018-17025 MEDIUM POC This Month

admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17021 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gt Ac5300 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-5548 MEDIUM POC This Month

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Big Ip Access Policy Manager
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-16983 CRITICAL Act Now

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Noscript Tor Browser
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-8421 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Net Framework
NVD
CVSS 3.0
9.8
EPSS
28.9%
CVE-2018-16999 MEDIUM POC This Month

Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-16982 MEDIUM POC PATCH This Month

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Open Chinese Convert
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-17026 MEDIUM POC This Month

admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-17024 MEDIUM POC This Month

admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-5545 HIGH This Week

On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Websafe Alert Server
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-8475 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
8.8
EPSS
14.6%
CVE-2018-8420 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE Windows 10 Windows 7 +2
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2018-8332 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office For Mac Windows 10 +3
NVD
CVSS 3.0
8.8
EPSS
19.1%
CVE-2018-8468 MEDIUM POC PATCH THREAT This Month

An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
11.8%
CVE-2018-8439 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
8.4
EPSS
4.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy