Skip to main content
CVE-2018-15442 HIGH POC THREAT Act Now

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft Command Injection Webex Meetings Desktop Webex Productivity Tools
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
16.0%
CVE-2018-18638 HIGH POC This Week

A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Botvac Connected Firmware
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2018-18013 HIGH POC This Week

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization RCE Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-17921 HIGH This Week

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Saga1 L8B Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2018-9281 HIGH This Week

An issue was discovered on Eaton UPS 9PX 8000 SP devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS 9Px Ups Firmware
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-17935 HIGH This Week

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE F25 2S Firmware F25 2D Firmware F25 4S Firmware F25 4D Firmware +7
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2018-14812 HIGH This Week

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Energy Savings Estimator
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-11804 HIGH This Week

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Spark
NVD
CVSS 3.1
7.5
EPSS
5.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy