Skip to main content
CVE-2018-6581 CRITICAL POC Act Now

SQL Injection exists in the JMS Music 1.1.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jms Music
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6580 CRITICAL POC THREAT Act Now

Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jimtawl
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
CVE-2018-6579 CRITICAL POC Act Now

SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reverse Auction
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-6578 CRITICAL POC Act Now

SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Je Paypervideo
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-6577 CRITICAL POC Act Now

SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-6576 CRITICAL POC Act Now

SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Event Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6575 CRITICAL POC Act Now

SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Classified
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6548 CRITICAL POC Act Now

A use-after-free issue was discovered in libwebm through 2018-02-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libwebm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-6537 CRITICAL POC Act Now

A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Syncbreeze
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-6521 CRITICAL POC PATCH Act Now

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Simplesamlphp Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-6317 CRITICAL POC THREAT Act Now

The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Claymore Dual Miner
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
44.3%
CVE-2018-6551 CRITICAL Act Now

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Glibc
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-6486 CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Fortify Audit Workbench Fortify Software Security Center
NVD
CVSS 3.0
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy