Skip to main content
CVE-2018-12426 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Live Chat
NVD GitHub
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-13050 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
38.2%
CVE-2018-12892 CRITICAL Act Now

An issue was discovered in Xen 4.7 through 4.10.x. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Xen
NVD
CVSS 3.0
9.9
EPSS
2.6%
CVE-2018-12575 CRITICAL Act Now

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy