Skip to main content
CVE-2018-2628 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Weblogic Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.4%
CVE-2018-1145 CRITICAL POC THREAT Act Now

A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N750 Firmware
NVD
CVSS 3.0
9.8
EPSS
24.9%
CVE-2018-1144 CRITICAL POC Act Now

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N750 Firmware
NVD
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-1143 CRITICAL POC THREAT Act Now

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N750 Firmware
NVD
CVSS 3.0
9.8
EPSS
55.2%
CVE-2018-2879 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Access Manager
NVD GitHub
CVSS 3.0
9.0
EPSS
22.2%
CVE-2018-0238 CRITICAL Act Now

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Computing System Director
NVD
CVSS 3.0
9.9
EPSS
5.2%
CVE-2018-10225 CRITICAL Act Now

thinkphp 3.1.3 has SQL Injection via the index.php s parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Thinkphp
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-2739 CRITICAL PATCH Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.0
9.3
EPSS
2.3%
CVE-2018-2871 CRITICAL PATCH Act Now

Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Human Resources
NVD
CVSS 3.0
9.1
EPSS
2.6%
CVE-2018-2870 CRITICAL PATCH Act Now

Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Human Resources
NVD
CVSS 3.0
9.1
EPSS
2.6%
CVE-2018-0112 CRITICAL Act Now

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Webex Meetings Server Webex Meetings Webex Business Suite 31 +1
NVD
CVSS 3.0
9.0
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy