Skip to main content
CVE-2018-6530 CRITICAL POC KEV THREAT Act Now

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 860L Firmware Dir 865L Firmware Dir 868l Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
96.7%
CVE-2018-7732 CRITICAL POC Act Now

An issue was discovered in YxtCMF 3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Yxtcmf
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-5469 CRITICAL Act Now

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau +130
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-6809 CRITICAL Act Now

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-1343 CRITICAL Act Now

PAM exposure enabling unauthenticated access to remote host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privileged Account Manager
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000101 CRITICAL PATCH Act Now

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mingw W64
NVD
CVSS 3.0
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy