Skip to main content
CVE-2018-3757 CRITICAL POC PATCH Act Now

Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Pdf Image
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2018-3746 CRITICAL POC PATCH Act Now

The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Pdfinfojs
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2018-11652 CRITICAL POC PATCH THREAT Act Now

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nikto
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
24.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy