Skip to main content
CVE-2018-10532 HIGH POC This Week

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 4Gee Firmware
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18842 HIGH POC This Week

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Z Blogphp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-18281 HIGH POC PATCH This Week

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-10712 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-10711 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-10709 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-16469 HIGH POC PATCH This Week

The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Merge
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-10710 HIGH POC This Week

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A Tuning F Stream Restart To Uefi Rgbled
NVD Exploit-DB
CVSS 3.0
7.1
EPSS
1.0%
CVE-2018-17933 HIGH This Week

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vgo Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-16466 HIGH This Week

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2018-18831 HIGH This Week

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Mcms
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-18817 HIGH This Week

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agent Connection Broker
NVD
CVSS 3.0
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy