Skip to main content
CVE-2018-1273 CRITICAL POC KEV PATCH THREAT Act Now

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Code Injection RCE Spring Data Commons Spring Data Rest +2
NVD VulDB
CVSS 3.1
9.8
EPSS
95.6%
Threat
7.8
CVE-2018-8954 CRITICAL Act Now

CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Workload Control Center
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-10024 CRITICAL Act Now

ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vp5208A Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3594 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Qualcomm Mdm9206 Firmware +20
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3593 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware +23
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3592 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Qualcomm Mdm9206 Firmware +20
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3591 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware +25
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3590 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Google Memory Corruption Qualcomm +14
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3589 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Qualcomm Buffer Overflow Mdm9650 Firmware Mdm9655 Firmware +3
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1275 CRITICAL PATCH Act Now

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java Code Injection RCE Spring Framework Application Testing Suite +17
NVD
CVSS 3.1
9.8
EPSS
57.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy