Skip to main content
CVE-2018-7600 CRITICAL POC KEV PATCH THREAT Act Now

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Drupal Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2018-9031 CRITICAL POC Act Now

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sentry Vision
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-4841 CRITICAL Act Now

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Tim 1531 Irc Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2018-9116 CRITICAL Act Now

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Wiremock
NVD
CVSS 3.0
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy