Skip to main content
CVE-2018-3843 HIGH POC THREAT This Week

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
24.0%
CVE-2018-3842 HIGH POC This Week

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2018-10188 HIGH POC PATCH This Week

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpmyadmin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-10222 HIGH POC This Week

An issue was discovered in idreamsoft iCMS V7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10220 HIGH POC This Week

Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Glastopf
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-2791 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Webcenter Sites
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
39.5%
CVE-2018-1146 HIGH POC THREAT This Week

A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure N750 Firmware
NVD
CVSS 3.0
7.5
EPSS
29.1%
CVE-2018-10236 HIGH POC This Week

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name']. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Poscms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-10235 HIGH POC This Week

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Poscms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-0259 HIGH This Week

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Mate Collector
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0255 HIGH This Week

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Apple iOS
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-2844 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-2843 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-2842 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-2772 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-1167 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Spotify
NVD
CVSS 3.0
8.8
EPSS
4.8%
CVE-2018-0240 HIGH This Week

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
3.9%
CVE-2018-0233 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service VMware Cisco Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
2.5%
CVE-2018-0231 HIGH This Week

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.0
8.6
EPSS
4.6%
CVE-2018-0230 HIGH This Week

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.0
8.6
EPSS
1.8%
CVE-2018-0228 HIGH This Week

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100%. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
3.6%
CVE-2018-2832 HIGH PATCH This Week

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Goldengate
NVD
CVSS 3.0
8.6
EPSS
1.9%
CVE-2018-2829 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2018-2841 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
8.5
EPSS
1.8%
CVE-2018-2834 HIGH PATCH This Week

Vulnerability in the Oracle Data Visualization Desktop component of Oracle Fusion Middleware (subcomponent: Security). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Data Visualization Desktop
NVD
CVSS 3.0
8.5
EPSS
0.5%
CVE-2018-2826 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +15
NVD
CVSS 3.1
8.3
EPSS
5.0%
CVE-2018-2825 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +15
NVD
CVSS 3.1
8.3
EPSS
4.1%
CVE-2018-2814 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +10
NVD
CVSS 3.1
8.3
EPSS
3.7%
CVE-2018-2860 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2837 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2836 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2835 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2830 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-2828 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Webcenter Content
NVD
CVSS 3.0
8.2
EPSS
1.4%
CVE-2018-2856 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Basel Regulatory Capital Internal Ratings Based Approach
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-2855 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Basel Regulatory Capital Basic
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-2851 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-2833 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-2803 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-6306 HIGH This Week

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Password Manager
NVD
CVSS 3.0
7.8
EPSS
2.6%
CVE-2018-2849 HIGH PATCH This Week

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
7.7
EPSS
1.4%
CVE-2018-2824 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
7.7
EPSS
1.4%
CVE-2018-2811 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Java Oracle Information Disclosure Jdk Jre +3
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2018-2794 HIGH PATCH This Week

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2018-2755 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Oracle Information Disclosure MySQL Debian Linux Ubuntu Linux +12
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2018-2754 HIGH PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Solaris
NVD
CVSS 3.0
7.7
EPSS
0.5%
CVE-2018-2840 HIGH PATCH This Week

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Microsoft Denial Of Service Authentication Bypass Retail Xstore Point Of Service
NVD
CVSS 3.0
7.6
EPSS
1.3%
CVE-2018-2827 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Profile). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Suite8
NVD
CVSS 3.0
7.6
EPSS
1.1%
CVE-2018-2770 HIGH PATCH This Week

Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Adaptive Access Manager
NVD
CVSS 3.0
7.6
EPSS
1.4%
CVE-2018-0239 HIGH This Week

A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Staros
NVD
CVSS 3.1
7.5
EPSS
3.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy