Skip to main content
CVE-2018-20445 CRITICAL POC Act Now

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcm 604 Firmware Dcm 704 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-20443 CRITICAL POC Act Now

Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tc7200 D1I Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20442 CRITICAL POC Act Now

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tc7110 B Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20441 CRITICAL POC Act Now

Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tc7200 Th2V2 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20440 CRITICAL POC Act Now

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cwa0101 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20438 CRITICAL POC Act Now

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tc7110 Ar Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-20452 HIGH POC This Week

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libxls
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20463 HIGH POC THREAT This Week

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Path Traversal PHP Jsmol2Wp
NVD
CVSS 3.0
7.5
EPSS
13.1%
CVE-2018-20437 HIGH POC PATCH This Week

An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Febs Shiro
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-20465 HIGH POC This Week

{% string for craft.app.config.DB.user and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Craft Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-20453 MEDIUM POC This Month

The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-20451 MEDIUM POC This Month

The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-20450 MEDIUM POC This Month

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libxls
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20464 MEDIUM POC This Month

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20462 MEDIUM POC This Month

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jsmol2Wp
NVD
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-20454 MEDIUM POC This Month

An issue was discovered in 74cms v4.2.111. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP 74Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20444 CRITICAL Act Now

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cga0111 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-20439 CRITICAL Act Now

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dpc3928Sl Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-20461 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-20460 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-20459 MEDIUM POC PATCH This Month

In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2018-20458 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2018-20456 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-20455 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-20448 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Frog Cms
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-20457 MEDIUM PATCH This Month

In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy