Skip to main content
CVE-2018-6928 CRITICAL POC Act Now

PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Website Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-6911 CRITICAL POC THREAT Act Now

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webaccess
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.0%
CVE-2018-5459 CRITICAL Act Now

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pfc200 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-6953 CRITICAL Act Now

In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ccn Lite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-6948 CRITICAL Act Now

In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ccn Lite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-0488 CRITICAL Act Now

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Mbed Tls +1
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-0487 CRITICAL Act Now

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Mbed Tls Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-6292 CRITICAL Act Now

Remote Code Execution in Saperion Web Client version 7.5.2 83166. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Saperion Web Client
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-1297 CRITICAL PATCH Act Now

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Jmeter
NVD
CVSS 3.0
9.8
EPSS
10.1%
CVE-2018-1383 CRITICAL Act Now

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
9.1
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy