Skip to main content
CVE-2018-9126 CRITICAL POC THREAT Act Now

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dnnarticle
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
50.2%
CVE-2018-9248 CRITICAL POC THREAT Act Now

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vdsl2 Modem Hg 150 Ub Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
15.3%
CVE-2018-9247 CRITICAL POC Act Now

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gxlcms Qy
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-9035 CRITICAL POC Act Now

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Contact Form 7 To Database Extension
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
7.7%
CVE-2018-9285 CRITICAL Act Now

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac66U Firmware Rt Ac68U Firmware Rt Ac86U Firmware Rt Ac88U Firmware +7
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-9284 CRITICAL PATCH Act Now

authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow D-Link Singapore Starhub Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2018-1469 CRITICAL PATCH Act Now

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-6873 CRITICAL Act Now

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Auth0 Js
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-9249 CRITICAL Act Now

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vdsl2 Modem Hg 150 Ub Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
6.3%
CVE-2018-1002150 CRITICAL PATCH Act Now

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Koji
NVD
CVSS 3.0
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy