Skip to main content
CVE-2018-2628 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Weblogic Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.4%
CVE-2018-1145 CRITICAL POC THREAT Act Now

A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N750 Firmware
NVD
CVSS 3.0
9.8
EPSS
24.9%
CVE-2018-1144 CRITICAL POC Act Now

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N750 Firmware
NVD
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-1143 CRITICAL POC THREAT Act Now

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N750 Firmware
NVD
CVSS 3.0
9.8
EPSS
55.2%
CVE-2018-2879 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Access Manager
NVD GitHub
CVSS 3.0
9.0
EPSS
22.2%
CVE-2018-3843 HIGH POC THREAT This Week

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
24.0%
CVE-2018-3842 HIGH POC This Week

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-10188 HIGH POC PATCH This Week

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpmyadmin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-10222 HIGH POC This Week

An issue was discovered in idreamsoft iCMS V7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10220 HIGH POC This Week

Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Glastopf
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-2791 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Webcenter Sites
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
39.5%
CVE-2018-1146 HIGH POC THREAT This Week

A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure N750 Firmware
NVD
CVSS 3.0
7.5
EPSS
29.1%
CVE-2018-10236 HIGH POC This Week

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name']. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Poscms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-10235 HIGH POC This Week

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Poscms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-9137 MEDIUM POC This Month

Open-AudIT before 2.2 has CSV Injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Open Audit
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
2.8%
CVE-2018-10224 MEDIUM POC This Month

An issue was discovered in YzmCMS 3.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Yzmcms
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-10223 MEDIUM POC This Month

An issue was discovered in YzmCMS 3.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Yzmcms
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-10230 MEDIUM POC This Month

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zend Server
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2018-0238 CRITICAL Act Now

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Computing System Director
NVD
CVSS 3.0
9.9
EPSS
5.2%
CVE-2018-10225 CRITICAL Act Now

thinkphp 3.1.3 has SQL Injection via the index.php s parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Thinkphp
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-10227 MEDIUM POC This Month

MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10221 MEDIUM POC This Month

An issue was discovered in WUZHI CMS V4.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-2739 CRITICAL PATCH Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.0
9.3
EPSS
2.3%
CVE-2018-2871 CRITICAL PATCH Act Now

Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Human Resources
NVD
CVSS 3.0
9.1
EPSS
2.6%
CVE-2018-2870 CRITICAL PATCH Act Now

Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Human Resources
NVD
CVSS 3.0
9.1
EPSS
2.6%
CVE-2018-0112 CRITICAL Act Now

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Webex Meetings Server Webex Meetings Webex Business Suite 31 +1
NVD
CVSS 3.0
9.0
EPSS
2.7%
CVE-2018-0259 HIGH This Week

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Mate Collector
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0255 HIGH This Week

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Apple iOS
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-2844 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-2843 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-2842 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-2772 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-1167 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Spotify
NVD
CVSS 3.0
8.8
EPSS
4.8%
CVE-2018-0240 HIGH This Week

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
3.9%
CVE-2018-0233 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service VMware Cisco Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
2.5%
CVE-2018-0231 HIGH This Week

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.0
8.6
EPSS
4.6%
CVE-2018-0230 HIGH This Week

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.0
8.6
EPSS
1.8%
CVE-2018-0228 HIGH This Week

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100%. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
3.6%
CVE-2018-2832 HIGH PATCH This Week

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Goldengate
NVD
CVSS 3.0
8.6
EPSS
1.9%
CVE-2018-2829 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2018-2841 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
8.5
EPSS
1.8%
CVE-2018-2834 HIGH PATCH This Week

Vulnerability in the Oracle Data Visualization Desktop component of Oracle Fusion Middleware (subcomponent: Security). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Data Visualization Desktop
NVD
CVSS 3.0
8.5
EPSS
0.5%
CVE-2018-2826 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +15
NVD
CVSS 3.1
8.3
EPSS
5.0%
CVE-2018-2825 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +15
NVD
CVSS 3.1
8.3
EPSS
4.1%
CVE-2018-2814 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +10
NVD
CVSS 3.1
8.3
EPSS
3.7%
CVE-2018-2860 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2837 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2836 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2835 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2830 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy