Skip to main content
CVE-2018-10594 CRITICAL POC THREAT Emergency

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Stack Overflow Commgr
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
69.0%
CVE-2018-10662 CRITICAL POC THREAT Emergency

An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
79.8%
CVE-2018-10661 CRITICAL POC THREAT Emergency

An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A1001 Firmware A8004 V Firmware A8105 E Firmware A9161 Firmware +386
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
86.7%
CVE-2018-10660 CRITICAL POC THREAT Emergency

An issue was discovered in multiple models of Axis IP Cameras. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

P1354 Firmware M1033 W Firmware A1001 Firmware A8004 V Firmware A8105 E Firmware +386
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
82.2%
CVE-2018-1000533 CRITICAL POC PATCH THREAT Act Now

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Gitlist
NVD GitHub
CVSS 3.1
9.8
EPSS
73.0%
CVE-2018-1000554 CRITICAL POC Act Now

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trovebox
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1000544 CRITICAL POC PATCH Act Now

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Rubyzip Debian Linux Cloudforms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2018-1000525 CRITICAL POC Act Now

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Information Disclosure RCE PHP Openpsa
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-12889 CRITICAL POC Act Now

An issue was discovered in CCN-lite 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ccn Lite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-4846 CRITICAL Act Now

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware Rapidpoint 500 Firmware Rapidlab 1200 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-1072 CRITICAL Act Now

ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Enterprise Virtualization Manager
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-6667 CRITICAL Act Now

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass RCE Mcafee Web Gateway
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-1000550 CRITICAL PATCH Act Now

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sympa Debian Linux
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-1000537 CRITICAL Act Now

Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Marlin Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-1000517 CRITICAL PATCH Act Now

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Busybox Debian Linux Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
32.9%
CVE-2018-1000501 CRITICAL PATCH Act Now

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Instant Update Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-0608 CRITICAL Act Now

Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow H2O
NVD GitHub
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-12882 CRITICAL PATCH Act Now

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free PHP Ubuntu Linux +1
NVD
CVSS 3.0
9.8
EPSS
6.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy