Skip to main content
CVE-2018-19248 CRITICAL POC Act Now

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Epson Workforce Wf 2861 Firmware
NVD GitHub
CVSS 3.0
9.1
EPSS
1.5%
CVE-2018-7801 HIGH POC PATCH This Week

A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Evlink Parking Firmware
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2018-20429 HIGH POC This Week

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20428 HIGH POC This Week

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20427 HIGH POC This Week

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-20426 HIGH POC This Week

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20425 HIGH POC This Week

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20419 HIGH POC This Week

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Douphp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-20436 HIGH POC This Week

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google SSRF Telegram Web
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-15465 HIGH POC This Week

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
8.1
EPSS
2.4%
CVE-2018-20423 HIGH POC This Week

Discuz!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Discuzx
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-20422 HIGH POC This Week

Discuz!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Discuzx
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-19357 HIGH POC This Week

XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Xmplay
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.1%
CVE-2018-19232 HIGH POC This Week

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epson Workforce Wf 2861 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18959 HIGH POC This Week

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Epson Workforce Wf 2861 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-20421 HIGH POC This Week

Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-20410 HIGH POC This Week

WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Kingscada
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-20431 MEDIUM POC PATCH This Month

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libextractor Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20430 MEDIUM POC PATCH This Month

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libextractor Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-18960 MEDIUM POC This Month

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Epson Workforce Wf 2861 Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-20424 MEDIUM POC This Month

Discuz!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Discuzx
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-20248 CRITICAL Act Now

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Quick Pdf Library
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-18698 CRITICAL Act Now

An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xiaomi Mi A1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-7836 CRITICAL Act Now

An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Iiot Monitor
NVD
CVSS 3.0
9.8
EPSS
32.0%
CVE-2018-7800 CRITICAL PATCH Act Now

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Evlink Parking Firmware
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-8919 CRITICAL Act Now

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20433 CRITICAL PATCH Act Now

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE C3P0 Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%
CVE-2018-20420 MEDIUM POC This Month

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Weberp
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-20249 HIGH This Week

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Quick Pdf Library
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-7832 HIGH This Week

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pro Face Gp Pro Ex
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-7802 HIGH PATCH This Week

A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Evlink Parking Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-20418 MEDIUM POC This Month

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Craft Cms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.7%
CVE-2018-7793 HIGH This Week

A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.). Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Foxboro Dcs Foxboro Evo Foxview Ia Series
NVD
CVSS 3.0
8.7
EPSS
0.3%
CVE-2018-20247 HIGH This Week

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Quick Pdf Library
NVD
CVSS 3.1
7.8
EPSS
54.5%
CVE-2018-7837 HIGH This Week

An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Iiot Monior
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-7835 HIGH This Week

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iiot Monior
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-8920 HIGH This Week

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Synology Diskstation Manager
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2018-17197 MEDIUM PATCH This Month

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
6.5
EPSS
5.9%
CVE-2018-7796 MEDIUM This Month

A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Powersuite 2
NVD
CVSS 3.0
6.3
EPSS
0.7%
CVE-2018-8917 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Diskstation Manager
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-8918 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.0
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy