Skip to main content
CVE-2018-11544 CRITICAL POC Act Now

The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Ftp Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-3744 CRITICAL POC Act Now

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Html Pages
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-1235 CRITICAL POC THREAT Act Now

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Command Injection Recoverpoint Recoverpoint For Virtual Machines
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
43.3%
CVE-2018-11536 CRITICAL POC Act Now

md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-11535 CRITICAL POC Act Now

An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Slac
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-11531 CRITICAL POC Act Now

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-11528 CRITICAL POC Act Now

WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11523 CRITICAL POC Act Now

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nvrmini 2 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
9.9%
CVE-2018-3745 CRITICAL POC PATCH Act Now

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Node.js Atob
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2018-11547 CRITICAL Act Now

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11546 CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11545 CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-10466 CRITICAL Act Now

Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2018-5241 CRITICAL Act Now

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Secure Gateway Symantec Proxysg
NVD
CVSS 3.0
9.8
EPSS
4.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy