Skip to main content
CVE-2018-3753 CRITICAL POC Act Now

The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Merge Object
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3752 CRITICAL POC PATCH Act Now

The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Merge Options
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3751 CRITICAL POC Act Now

The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Merge Recursive
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3750 CRITICAL POC PATCH Act Now

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deep Extend
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-3749 CRITICAL POC PATCH Act Now

The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deap
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-13116 CRITICAL POC Act Now

/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-11641 CRITICAL POC Act Now

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Powermedia Xms
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-11635 CRITICAL POC Act Now

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Powermedia Xms
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-11640 CRITICAL POC Act Now

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Powermedia Xms
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2018-13123 CRITICAL Act Now

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Onefilecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-11052 CRITICAL Act Now

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-7785 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Command Injection U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7784 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-7780 CRITICAL Act Now

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-7778 CRITICAL Act Now

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Evlink Charging Station Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-4853 CRITICAL Act Now

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-4852 CRITICAL Act Now

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-11746 CRITICAL Act Now

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Discovery
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-13101 CRITICAL Act Now

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Kiosksimple
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-11316 CRITICAL Act Now

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonos Firmware
NVD
CVSS 3.0
9.6
EPSS
1.3%
CVE-2018-11314 CRITICAL Act Now

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roku Firmware
NVD
CVSS 3.0
9.6
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy