Skip to main content
CVE-2018-15442 HIGH POC THREAT Act Now

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft Command Injection Webex Meetings Desktop Webex Productivity Tools
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
16.0%
CVE-2018-8955 CRITICAL POC Act Now

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack RCE Gravityzone
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-18476 CRITICAL POC PATCH Act Now

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Mysql Binuuid Rails
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-18638 HIGH POC This Week

A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Botvac Connected Firmware
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2018-18013 HIGH POC This Week

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization RCE Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-18552 MEDIUM POC This Month

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Monitoring Software
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-18621 MEDIUM POC This Month

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Communigate Pro
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-18551 MEDIUM POC This Month

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monitoring Software
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-18636 MEDIUM POC This Month

XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2640T Firmware
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-18635 MEDIUM POC PATCH This Month

www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Mailcleaner
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-18548 MEDIUM POC This Month

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docker Ajenticp
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2018-18547 MEDIUM POC This Month

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Control Panel
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-12650 MEDIUM POC This Month

Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Human Resource Management Software
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-18568 MEDIUM POC This Month

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware Vvx 500 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2018-18567 MEDIUM POC This Month

AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure 440Hd Firmware 450Hd Firmware
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-15751 CRITICAL PATCH Act Now

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-13342 CRITICAL Act Now

The server API in the Anda app relies on hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anda
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-11792 CRITICAL Act Now

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-18566 MEDIUM POC This Month

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware Vvx 500 Firmware
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2018-17903 CRITICAL Act Now

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saga1 L8B Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2018-17921 HIGH This Week

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Saga1 L8B Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2018-9281 HIGH This Week

An issue was discovered on Eaton UPS 9PX 8000 SP devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS 9Px Ups Firmware
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-18014 MEDIUM POC This Month

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Xenmobile Server
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-17935 HIGH This Week

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE F25 2S Firmware F25 2D Firmware F25 4S Firmware F25 4D Firmware +7
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2018-14812 HIGH This Week

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Energy Savings Estimator
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-11804 HIGH This Week

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Spark
NVD
CVSS 3.1
7.5
EPSS
5.7%
CVE-2018-17923 MEDIUM This Month

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Saga1 L8B Firmware
NVD
CVSS 3.0
6.9
EPSS
0.3%
CVE-2018-11785 MEDIUM This Month

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Impala
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1541 MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Commerce
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-15750 MEDIUM PATCH This Month

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Salt
NVD
CVSS 3.0
5.3
EPSS
4.2%
CVE-2018-9280 MEDIUM This Month

An issue was discovered on Eaton UPS 9PX 8000 SP devices. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 9Px Ups Firmware
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-9279 MEDIUM This Month

An issue was discovered on Eaton UPS 9PX 8000 SP devices. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 9Px Ups Firmware
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18517 MEDIUM This Month

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix XSS Netscaler Gateway Firmware
NVD
CVSS 3.0
4.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy