Skip to main content
CVE-2018-6928 CRITICAL POC Act Now

PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Website Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-6911 CRITICAL POC THREAT Act Now

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webaccess
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.0%
CVE-2018-6954 HIGH POC This Week

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Systemd Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-6910 HIGH POC THREAT This Week

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dedecms
NVD GitHub
CVSS 3.1
7.5
EPSS
19.0%
CVE-2018-5459 CRITICAL Act Now

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pfc200 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6953 CRITICAL Act Now

In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ccn Lite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-6948 CRITICAL Act Now

In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ccn Lite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-0488 CRITICAL Act Now

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Mbed Tls +1
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-0487 CRITICAL Act Now

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Mbed Tls Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-6292 CRITICAL Act Now

Remote Code Execution in Saperion Web Client version 7.5.2 83166. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Saperion Web Client
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-1297 CRITICAL PATCH Act Now

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Jmeter
NVD
CVSS 3.0
9.8
EPSS
10.1%
CVE-2018-1383 CRITICAL Act Now

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
9.1
EPSS
2.7%
CVE-2018-6952 HIGH This Week

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patch
NVD
CVSS 3.0
7.5
EPSS
8.4%
CVE-2018-6951 HIGH PATCH This Week

An issue was discovered in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Patch Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-6293 HIGH This Week

Arbitrary File Read in Saperion Web Client version 7.5.2 83166. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saperion Web Client
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-6942 MEDIUM PATCH This Month

An issue was discovered in FreeType 2 through 2.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freetype Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-6930 MEDIUM This Month

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy