Skip to main content
CVE-2018-17153 CRITICAL POC THREAT Emergency

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass My Cloud Wdbctl0020Hwt Firmware My Cloud Pr4100 My Cloud Pr2100 Firmware My Cloud Mirror Gen 2 Firmware +8
NVD
CVSS 3.0
9.8
EPSS
86.6%
CVE-2018-16669 CRITICAL POC Act Now

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-17111 CRITICAL Act Now

The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coinlancer
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1000802 CRITICAL PATCH Act Now

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Command Injection Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
20.8%
CVE-2018-16957 CRITICAL Act Now

The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Webcenter Interaction
NVD
CVSS 3.0
9.8
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy