Skip to main content
CVE-2018-18861 CRITICAL POC Act Now

Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Pcman Ftp Server
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-18439 CRITICAL POC Act Now

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow U Boot
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2018-19367 CRITICAL POC Act Now

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Portainer
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18864 CRITICAL POC Act Now

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apache Enterprise Va Max
NVD
CVSS 3.0
9.6
EPSS
2.6%
CVE-2018-16223 CRITICAL Act Now

Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qbeecam
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-18563 CRITICAL Act Now

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware +2
NVD
CVSS 3.0
9.6
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy