Skip to main content
CVE-2018-19248 CRITICAL POC Act Now

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Epson Workforce Wf 2861 Firmware
NVD GitHub
CVSS 3.0
9.1
EPSS
1.5%
CVE-2018-20248 CRITICAL Act Now

In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Quick Pdf Library
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-18698 CRITICAL Act Now

An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xiaomi Mi A1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-7836 CRITICAL Act Now

An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Iiot Monitor
NVD
CVSS 3.0
9.8
EPSS
32.0%
CVE-2018-7800 CRITICAL PATCH Act Now

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Evlink Parking Firmware
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-8919 CRITICAL Act Now

Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20433 CRITICAL PATCH Act Now

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE C3P0 Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy