Skip to main content
CVE-2018-10770 CRITICAL POC Act Now

download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 5 In 1 Xvr Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-10683 CRITICAL POC Act Now

An issue was discovered in WildFly 10.1.2.Final. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wildfly
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-10682 CRITICAL POC Act Now

An issue was discovered in WildFly 10.1.2.Final. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Wildfly
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2018-2420 CRITICAL Act Now

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Internet Graphics Server
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-2418 CRITICAL Act Now

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE SAP Maxdb Odbc Driver
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8154 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Exchange Server
NVD
CVSS 3.0
9.8
EPSS
21.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy