Skip to main content
CVE-2018-0171 CRITICAL POC KEV THREAT CISA Emergency

Cisco IOS and IOS XE Smart Install feature allows unauthenticated remote attackers to trigger device reload or execute arbitrary code through crafted packets, widely exploited to disrupt network infrastructure.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.0%
Threat
9.8
CVE-2018-8823 CRITICAL POC THREAT Act Now

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Responsive Mega Menu Pro Prestashop
NVD
CVSS 3.0
9.8
EPSS
51.6%
CVE-2018-0151 CRITICAL KEV THREAT Act Now

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
9.8
EPSS
14.5%
CVE-2018-0150 CRITICAL Act Now

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-7498 CRITICAL Act Now

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alice 6 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-5451 CRITICAL Act Now

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Alice 6 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-9110 CRITICAL PATCH Act Now

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Elfinder
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2018-9109 CRITICAL PATCH Act Now

Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Elfinder
NVD GitHub
CVSS 3.1
9.1
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy