Skip to main content
CVE-2018-17440 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
CVE-2018-1000804 CRITICAL POC PATCH Act Now

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
6.3%
CVE-2018-3997 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-3996 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-3992 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2018-3945 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-3942 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-3941 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-3940 HIGH POC This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2018-17442 HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.2%
CVE-2018-17775 HIGH POC This Week

Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure End Point Security
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-18066 HIGH POC PATCH This Week

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Net Snmp Cloud Backup Hyper Converged Infrastructure +4
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2018-1000809 HIGH POC PATCH This Week

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Privacyidea
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-18065 MEDIUM POC PATCH THREAT This Month

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux Ubuntu Linux +7
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
17.2%
CVE-2018-18064 MEDIUM POC This Month

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cairo
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-18069 MEDIUM POC THREAT This Month

process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wpml
NVD
CVSS 3.0
6.1
EPSS
13.2%
CVE-2018-17443 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-17441 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-5399 CRITICAL Act Now

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dcu 210E Firmware Rp 210E Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-1000810 CRITICAL Act Now

The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Rust
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-14818 CRITICAL Act Now

WECON Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Pi Studio Pi Studio Hmi
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2018-15903 MEDIUM POC This Month

The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Claromentis
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1742 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
9.3
EPSS
0.3%
CVE-2018-5400 CRITICAL Act Now

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Rp 210E Firmware Dcu 210E Firmware
NVD
CVSS 3.0
9.1
EPSS
0.7%
CVE-2018-5402 HIGH This Week

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google File Upload Rp 210E Firmware Dcu 210E Firmware Marine Pro Observer
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000805 HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower Virtualization Host Enterprise Linux Desktop +7
NVD GitHub
CVSS 3.1
8.8
EPSS
4.4%
CVE-2018-14810 HIGH This Week

WECON Technology Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Pi Studio Pi Studio Hmi
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1750 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-1000807 HIGH PATCH This Week

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Use After Free Python Denial Of Service Memory Corruption +6
NVD GitHub
CVSS 3.1
8.1
EPSS
4.1%
CVE-2018-16297 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16296 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16295 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16294 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16293 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16292 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16291 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-1749 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1741 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-5401 MEDIUM This Month

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Rp 210E Firmware Dcu 210E Firmware Marine Pro Observer
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1000808 MEDIUM PATCH This Month

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Python Pyopenssl Ubuntu Linux Gluster Storage +4
NVD GitHub
CVSS 3.0
5.9
EPSS
1.9%
CVE-2018-14656 MEDIUM PATCH This Month

A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-17060 MEDIUM This Month

Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telerik Extensions For Asp Net Mvc
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2018-1743 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1000803 MEDIUM PATCH This Month

Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gitea
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-17889 MEDIUM This Month

In WECON Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Information Disclosure Pi Studio Pi Studio Hmi
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-17977 MEDIUM This Month

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-1753 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy