Skip to main content
CVE-2018-20157 HIGH POC This Week

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Openrefine
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-20159 HIGH POC This Week

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP I Doit
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
9.9%
CVE-2018-20161 MEDIUM POC This Month

A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sync Module
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy