Skip to main content
CVE-2018-7319 CRITICAL POC Act Now

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Os Property Real Estate
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-7318 CRITICAL POC Act Now

SQL Injection exists in the CheckList 1.1.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Checklist Data Integrator
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
8.7%
CVE-2018-7316 CRITICAL POC Act Now

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Proclaim
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-7315 CRITICAL POC Act Now

SQL Injection exists in the Ek Rishta 2.9 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ek Rishta
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7314 CRITICAL POC THREAT Act Now

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Prayercenter
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
58.4%
CVE-2018-7312 CRITICAL POC Act Now

SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Alexandria Book Library
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7300 CRITICAL POC THREAT Act Now

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Homematic Ccu2 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
30.8%
CVE-2018-7297 CRITICAL POC THREAT Act Now

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
64.8%
CVE-2018-7313 CRITICAL POC THREAT Act Now

SQL Injection exists in the CW Tags 2.0.6 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cw Tags
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.5%
CVE-2018-6489 CRITICAL Act Now

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Project And Portfolio Management Center
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-6488 CRITICAL Act Now

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Ucmdb Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-7301 CRITICAL Act Now

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7409 CRITICAL Act Now

In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Unixodbc
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0130 CRITICAL Act Now

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cisco Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-0124 CRITICAL Act Now

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-0121 CRITICAL Act Now

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Cisco Elastic Services Controller Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy