Skip to main content
CVE-2018-17411 CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Data Quality Suite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-17566 CRITICAL POC Act Now

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Thinkphp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-3972 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Monero
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-17538 CRITICAL POC Act Now

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Evidence Sync
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-17215 HIGH POC This Week

An information-disclosure issue was discovered in Postman through 6.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Postman
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2018-16364 HIGH POC THREAT This Week

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zoho Microsoft Deserialization RCE Manageengine Applications Manager
NVD
CVSS 3.1
8.1
EPSS
15.1%
CVE-2018-14327 HIGH POC This Week

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ee40Vb Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.4%
CVE-2018-17365 HIGH POC This Week

SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Seacms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-17555 HIGH POC This Week

The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arris Tg2492Lg Na Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-16712 MEDIUM POC This Month

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-16672 MEDIUM POC This Month

An issue was discovered in CIRCONTROL CirCarLife before 4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2018-17316 MEDIUM POC This Month

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C6003 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17315 MEDIUM POC This Month

On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C2003Sp Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17314 MEDIUM POC This Month

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp 305 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17313 MEDIUM POC This Month

On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C307 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17312 MEDIUM POC This Month

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aficio Mp 301Spf Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17311 MEDIUM POC This Month

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C6503 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17310 MEDIUM POC This Month

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C1803 Jpn Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17309 MEDIUM POC This Month

On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C406Zspf Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-7355 MEDIUM POC This Month

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zte Mf65 Firmware Mf65M1 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-17570 CRITICAL PATCH Act Now

utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Viabtc Exchange Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-17569 CRITICAL PATCH Act Now

network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Viabtc Exchange Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-17568 CRITICAL PATCH Act Now

utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Viabtc Exchange Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-15531 CRITICAL PATCH Act Now

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Javamelody
NVD GitHub
CVSS 3.0
9.8
EPSS
27.9%
CVE-2018-17410 CRITICAL Act Now

Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Horus Cms
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2018-14823 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow V Server Firmware
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-14819 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14817 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14815 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14813 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow V Server Firmware
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-14811 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14809 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-8856 CRITICAL Act Now

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass E Alert Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-8850 CRITICAL Act Now

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE E Alert Firmware
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-16711 HIGH This Week

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Advanced Systemcare
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-16055 HIGH This Week

An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Pfsense
NVD
CVSS 3.0
8.8
EPSS
11.2%
CVE-2018-8852 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure E Alert Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-8844 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF E Alert Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-8842 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Alert Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10606 HIGH This Week

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Levistudiou
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-10602 HIGH This Week

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Levistudiou
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-17081 MEDIUM POC This Month

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP E107
NVD GitHub
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-16588 HIGH This Week

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Shadow
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1768 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16152 HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-16151 HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-15836 HIGH PATCH This Week

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Openswan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-8854 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E Alert Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-8848 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation E Alert Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-1785 HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
7.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy