Skip to main content
CVE-2018-18742 HIGH POC This Week

A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Semcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18735 HIGH POC This Week

A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Catfish Blog
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18734 HIGH POC This Week

A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Catfish Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18712 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-18711 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-18737 HIGH POC This Week

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP Douchat
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-18732 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18731 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18730 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18727 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18709 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18708 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18707 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18706 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-18703 HIGH POC This Week

PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Mailing Server Using File Handling
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2018-18790 HIGH POC This Week

An issue was discovered in zzcms 8.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-18788 HIGH POC This Week

An issue was discovered in zzcms 8.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-18784 HIGH POC This Week

An issue was discovered in zzcms 8.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-17706 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Phantompdf
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-17624 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-17623 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-17621 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Reader
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-17620 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-17619 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Reader
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-17618 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-17617 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Reader
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-17616 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-17615 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-18387 HIGH This Week

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Playsms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-18699 HIGH This Week

An issue was discovered in GoPro gpmf-parser 1.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Gpmf Parser
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-17910 HIGH This Week

WebAccess Versions 8.3.2 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Webaccess
NVD
CVSS 3.0
7.8
EPSS
5.2%
CVE-2018-17908 HIGH This Week

WebAccess Versions 8.3.2 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11884 HIGH This Week

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11882 HIGH This Week

Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11880 HIGH This Week

Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11879 HIGH This Week

When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Authentication Bypass Qualcomm Sd 845 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11877 HIGH This Week

When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11876 HIGH This Week

Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11875 HIGH This Week

Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11874 HIGH This Week

Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11873 HIGH This Week

Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd845 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11872 HIGH This Week

Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 845 Firmware Sd 850 Firmware Sda660 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11871 HIGH This Week

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +46
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11870 HIGH This Week

Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9635M Firmware +27
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11867 HIGH This Week

Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile in version SD 845. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11866 HIGH This Week

Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Ipq8074 Firmware Mdm9206 Firmware +23
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11865 HIGH This Week

Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware +22
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11862 HIGH This Week

Buffer overflow can happen in WLAN module due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware Sda660 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11861 HIGH This Week

Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware Sda660 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11859 HIGH This Week

Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy