Skip to main content
CVE-2018-6907 HIGH POC This Week

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rainmachine Web Application
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3977 HIGH POC This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Sdl Image
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-3900 HIGH POC This Week

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-6011 HIGH POC This Week

The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Mini 8 Firmware
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2018-3947 HIGH POC This Week

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2018-3910 HIGH POC This Week

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
8.0
EPSS
1.6%
CVE-2018-18714 HIGH POC This Week

RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Malware Fighter
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-18695 HIGH POC This Week

M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Report Designer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3928 HIGH POC This Week

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Information Disclosure Yi Home Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2018-18891 HIGH POC This Week

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Minicms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-18883 HIGH PATCH This Week

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Intel Null Pointer Dereference Denial Of Service Xen
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-15454 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.0
8.6
EPSS
4.4%
CVE-2018-7356 HIGH This Week

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxr10 8905E Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-10587 HIGH This Week

NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Manager
NVD
CVSS 3.0
7.2
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy