Skip to main content
CVE-2018-3877 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3874 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3873 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-17317 CRITICAL POC Act Now

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Fruitywifi
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-17174 CRITICAL POC Act Now

A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Nmealib
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-17173 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Supersign Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
56.2%
CVE-2018-17141 CRITICAL POC Act Now

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Debian Linux Hylafax
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2018-16822 CRITICAL POC Act Now

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-3894 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-3876 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-17293 HIGH POC PATCH This Week

An issue was discovered in WAVM before 2018-09-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-16793 HIGH POC THREAT This Week

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SSRF Exchange Server
NVD
CVSS 3.0
8.6
EPSS
11.3%
CVE-2018-3915 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2018-3906 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2018-3914 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-17050 HIGH POC This Week

The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Polyai
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-14732 HIGH POC PATCH This Week

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Webpack Dev Server
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-14731 HIGH POC PATCH This Week

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Parcel
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-14730 HIGH POC PATCH This Week

An issue was discovered in Browserify-HMR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Browserify Hot Module Replacement
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-12511 HIGH POC This Week

In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Substratum
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-17283 HIGH POC THREAT This Week

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD GitHub
CVSS 3.0
7.5
EPSS
66.3%
CVE-2018-16784 HIGH POC This Week

DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dedecms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.3%
CVE-2018-3913 MEDIUM POC This Month

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-17294 MEDIUM POC PATCH This Month

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Liblouis Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-17292 MEDIUM POC PATCH This Month

An issue was discovered in WAVM before 2018-09-16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-17002 MEDIUM POC This Month

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp 2001Sp Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17001 MEDIUM POC This Month

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sp 4510Sf Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-9282 MEDIUM POC This Month

An XSS issue was discovered in Subsonic Media Server 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14691 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14690 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14689 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14688 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16786 MEDIUM POC This Month

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16281 CRITICAL PATCH Act Now

The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Profields Project Custom Fields
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11241 CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-11240 CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-14643 CRITICAL PATCH Act Now

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
CVSS 3.0
9.8
EPSS
6.0%
CVE-2018-17298 CRITICAL PATCH Act Now

An issue was discovered in Enalean Tuleap before 10.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tuleap
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-17302 MEDIUM POC This Month

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-17301 MEDIUM POC This Month

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16821 MEDIUM POC This Month

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Seacms
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-15612 HIGH PATCH This Week

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Orchestration Designer
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-17300 MEDIUM POC This Month

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-11352 MEDIUM POC PATCH This Month

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Wallabag
NVD
CVSS 3.0
4.0
EPSS
0.7%
CVE-2018-14891 HIGH This Week

Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cognito
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-14889 HIGH This Week

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Couchdb
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-1711 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1710 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Buffer Overflow RCE Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-12169 HIGH This Week

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intel Core I3 Core I5 Core I7 +29
NVD
CVSS 3.0
7.6
EPSS
0.6%
CVE-2018-14645 HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Haproxy Ubuntu Linux +3
NVD
CVSS 3.0
7.5
EPSS
3.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy