Skip to main content
CVE-2018-6825 CRITICAL POC Act Now

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vobot Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-6871 CRITICAL POC PATCH THREAT Act Now

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Libreoffice Debian Linux Ubuntu Linux +6
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
23.2%
CVE-2018-1000060 CRITICAL PATCH Act Now

Sensu, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sensu Core
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-1000059 CRITICAL Act Now

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Validform Builder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-1000044 CRITICAL PATCH Act Now

Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Squert
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-1000043 CRITICAL PATCH Act Now

Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Command Injection Squert
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-1000042 CRITICAL PATCH Act Now

Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Command Injection Squert
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-3601 CRITICAL PATCH Act Now

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Trend Micro Control Manager
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-1000034 CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Unzip
NVD
CVSS 3.0
9.1
EPSS
1.4%
CVE-2018-1000033 CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Unzip
NVD
CVSS 3.0
9.1
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy