Skip to main content
CVE-2018-10653 CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.8%
CVE-2018-8898 CRITICAL POC THREAT Act Now

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 3782 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.3%
CVE-2018-1126 CRITICAL POC Act Now

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Procps Ng Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-10648 CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1309 CRITICAL PATCH Act Now

Apache NiFi External XML Entity issue in SplitXML processor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

RCE XXE Information Disclosure Apache Nifi
NVD
CVSS 3.0
9.8
EPSS
4.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy