Skip to main content
CVE-2018-8174 HIGH POC KEV PATCH THREAT Act Now

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system compromise through crafted web pages, exploited in the wild as a zero-day before the May 2018 patch.

Windows
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
94.3%
Threat
5.0
CVE-2018-8120 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
73.7%
CVE-2018-0824 HIGH POC KEV PATCH THREAT This Week

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Deserialization RCE Windows 10 1507 Windows 10 1607 +11
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.5%
CVE-2018-10830 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-8145 HIGH POC PATCH THREAT This Week

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Information Disclosure Buffer Overflow Chakracore Internet Explorer +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
67.2%
CVE-2018-8139 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Information Disclosure RCE Buffer Overflow Edge +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
66.9%
CVE-2018-8133 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
50.9%
CVE-2018-0953 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
66.9%
CVE-2018-0946 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Microsoft RCE Use After Free Memory Corruption +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
51.9%
CVE-2018-10831 HIGH POC This Week

{x1=1,x2=1,x3=1,...,x512=1} to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Z Nomp
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-10705 HIGH POC This Week

The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aura
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-8134 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2,. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
3.0%
CVE-2018-8866 HIGH This Week

In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vgo Firmware
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-8126 HIGH PATCH This Week

A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
5.2%
CVE-2018-8173 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Infopath
NVD
CVSS 3.0
7.8
EPSS
18.6%
CVE-2018-8165 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-8164 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-8162 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Office For Mac
NVD
CVSS 3.0
7.8
EPSS
23.1%
CVE-2018-8161 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office Web Apps Sharepoint Server +1
NVD
CVSS 3.0
7.8
EPSS
20.3%
CVE-2018-8158 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office
NVD
CVSS 3.0
7.8
EPSS
23.1%
CVE-2018-8157 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office
NVD
CVSS 3.0
7.8
EPSS
23.1%
CVE-2018-8148 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Office Compatibility Pack +1
NVD
CVSS 3.0
7.8
EPSS
23.1%
CVE-2018-8147 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Office Compatibility Pack +1
NVD
CVSS 3.0
7.8
EPSS
23.1%
CVE-2018-8136 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
21.9%
CVE-2018-1039 HIGH PATCH This Week

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Net Framework
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0961 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 7.6).

Microsoft RCE Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.6
EPSS
3.0%
CVE-2018-0959 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code. Rated high severity (CVSS 7.6).

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.6
EPSS
9.4%
CVE-2018-2423 HIGH This Week

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Internet Graphics Server
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-2422 HIGH This Week

SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Internet Graphics Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-2421 HIGH This Week

SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Internet Graphics Server
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-8179 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
12.9%
CVE-2018-8178 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +2
NVD
CVSS 3.0
7.5
EPSS
14.2%
CVE-2018-8177 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
10.7%
CVE-2018-8137 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-8130 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-8128 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-8122 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-8114 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-1022 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +2
NVD
CVSS 3.0
7.5
EPSS
14.2%
CVE-2018-0955 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-0954 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +2
NVD
CVSS 3.0
7.5
EPSS
14.2%
CVE-2018-0951 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-0945 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-0943 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-0765 HIGH PATCH This Week

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE Denial Of Service Net Core Net Framework
NVD
CVSS 3.0
7.5
EPSS
7.7%
CVE-2018-1089 HIGH PATCH This Week

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow 389 Directory Server Enterprise Linux Desktop +3
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-10184 HIGH This Week

An issue was discovered in HAProxy before 1.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Haproxy Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
8.4%
CVE-2018-10827 HIGH PATCH This Week

LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Litecart
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-6021 HIGH This Week

Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Sd 320An Firmware Geh Sd 320An Firmware
NVD
CVSS 3.0
7.4
EPSS
1.3%
CVE-2018-8170 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10,. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.0
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy