Skip to main content
CVE-2018-13114 CRITICAL POC Act Now

Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ypc99 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-18583 HIGH POC This Week

An issue has been found in LuPng through 2017-03-10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lupng
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18582 HIGH POC This Week

An issue has been found in LuPng through 2017-03-10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lupng
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18581 HIGH POC This Week

An issue has been found in LuPng through 2017-03-10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Lupng
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-15704 HIGH POC THREAT This Week

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Webaccess
NVD
CVSS 3.0
8.8
EPSS
21.5%
CVE-2018-18557 HIGH POC THREAT This Week

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libtiff Debian Linux Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
15.0%
CVE-2018-18559 HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel Openshift Container Platform +7
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-13115 MEDIUM POC This Month

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ypc99 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-18579 MEDIUM POC This Month

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18578 MEDIUM POC This Month

DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15703 MEDIUM POC This Month

Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webaccess
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-18553 MEDIUM POC This Month

Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Leanote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1850 HIGH This Week

IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-12246 MEDIUM This Month

Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Isolation
NVD
CVSS 3.0
6.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy