Skip to main content
CVE-2018-19616 HIGH POC THREAT This Week

An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Rockwell Powermonitor 1000 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
30.3%
CVE-2018-18536 HIGH POC This Week

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aura Sync Firmware
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18535 HIGH POC This Week

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Aura Sync Firmware
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-20483 HIGH POC This Week

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wget
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-20404 HIGH POC This Week

ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Epia E900 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17987 HIGH POC This Week

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hashheroes
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-20478 HIGH POC This Week

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP S Cms
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-19870 HIGH PATCH This Week

An issue was discovered in Qt before 5.11.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-19182 HIGH PATCH This Week

Engelsystem before commit hash 2e28336 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Engelsystem
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15518 HIGH PATCH This Week

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-17957 HIGH This Week

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Repository Mirroring Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy