Skip to main content
CVE-2018-17787 CRITICAL POC Act Now

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-17786 CRITICAL POC Act Now

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE D-Link Dir 823G Firmware
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-15752 HIGH POC This Week

An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Mensamax
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-9515 HIGH POC This Week

In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-15753 HIGH POC This Week

An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Mensamax
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-17884 MEDIUM POC This Month

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gwolle Guestbook
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-17593 MEDIUM POC This Month

AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5453 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17591 MEDIUM POC This Month

AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5343V2 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17590 MEDIUM POC This Month

AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5442 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17589 MEDIUM POC This Month

AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5650 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17588 MEDIUM POC This Month

AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5021 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17587 MEDIUM POC This Month

AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5750 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-14826 CRITICAL Act Now

Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Emg 12 Firmware
NVD
CVSS 3.0
9.8
EPSS
7.7%
CVE-2018-14822 CRITICAL Act Now

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Emg 12 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-9476 CRITICAL PATCH Act Now

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Memory Corruption Use After Free Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-9499 MEDIUM POC PATCH This Month

In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-17886 MEDIUM POC This Month

An issue was discovered in JEESNS 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-3944 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-3943 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-9504 HIGH PATCH This Week

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-3961 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2018-3960 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2018-3959 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2018-3958 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2018-3957 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2018-9514 HIGH This Week

In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Google Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9513 HIGH This Week

In copy_process of fork.c, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9501 HIGH PATCH This Week

In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9498 HIGH PATCH This Week

In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-9497 HIGH PATCH This Week

In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-9496 HIGH PATCH This Week

In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-9492 HIGH PATCH This Week

In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9491 HIGH PATCH This Week

In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-9490 HIGH PATCH This Week

In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation RCE Android
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-9473 HIGH PATCH This Week

In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-11748 HIGH This Week

Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1498 HIGH This Week

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11072 HIGH This Week

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Digital Delivery
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9503 HIGH PATCH This Week

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-12473 HIGH This Week

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Open Build Service
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1509 HIGH This Week

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-3962 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.3
EPSS
2.5%
CVE-2018-6261 HIGH This Week

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia RCE Denial Of Service Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-9510 MEDIUM PATCH This Month

In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9509 MEDIUM PATCH This Month

In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9508 MEDIUM PATCH This Month

In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9507 MEDIUM PATCH This Month

In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-9506 MEDIUM PATCH This Month

In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9505 MEDIUM PATCH This Month

In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-9502 MEDIUM PATCH This Month

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy