Skip to main content
CVE-2018-9022 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE Privileged Access Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
20.4%
CVE-2018-9021 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Privileged Access Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.4%
CVE-2018-12531 CRITICAL POC Act Now

An issue was discovered in MetInfo 6.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Metinfo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-12532 CRITICAL POC Act Now

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Richfaces
NVD
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-10623 CRITICAL Act Now

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-10621 CRITICAL Act Now

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-10617 CRITICAL Act Now

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-9029 CRITICAL Act Now

An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Privileged Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-12534 CRITICAL Act Now

A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Quick Chat
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12533 CRITICAL Act Now

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Richfaces
NVD
CVSS 3.0
9.8
EPSS
21.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy