Skip to main content
CVE-2018-19047 CRITICAL POC Act Now

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mpdf
NVD GitHub
CVSS 3.0
10.0
EPSS
2.1%
CVE-2018-19082 CRITICAL POC Act Now

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow I5 Application Firmware I5 System Firmware C2 Application Firmware +1
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-19081 CRITICAL POC Act Now

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2018-19078 CRITICAL POC Act Now

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-19076 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-19069 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19067 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19064 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I5 Application Firmware I5 System Firmware C2 Application Firmware +1
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19063 CRITICAL POC Act Now

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-19061 CRITICAL POC Act Now

DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8021 CRITICAL POC PATCH THREAT Act Now

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Apache Superset
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy