Skip to main content
CVE-2018-20148 CRITICAL POC THREAT Act Now

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Debian Linux
NVD
CVSS 3.0
9.8
EPSS
30.9%
CVE-2018-18006 CRITICAL POC THREAT Act Now

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Microsoft Myprint
NVD
CVSS 3.0
9.8
EPSS
21.5%
CVE-2018-19007 CRITICAL Act Now

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection G Cam Efd 2251 Firmware G Cam Ewpc 2275 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy