Skip to main content
CVE-2018-10992 CRITICAL Act Now

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Lilypond
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1260 CRITICAL PATCH Act Now

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE Spring Security Oauth
NVD
CVSS 3.0
9.8
EPSS
8.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy