Skip to main content
CVE-2018-13876 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-13874 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13873 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-13872 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13871 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13870 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-13869 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-13868 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-13867 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-13866 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-13850 CRITICAL POC Act Now

The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apple Firebase Push Notification On Ios Fcm Advance Admin Panel
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-13818 CRITICAL POC PATCH Act Now

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Twig
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-13797 CRITICAL POC PATCH Act Now

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Command Injection Node Macaddress
NVD GitHub
CVSS 3.0
9.8
EPSS
6.7%
CVE-2018-13846 CRITICAL Act Now

An issue has been found in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-13845 CRITICAL Act Now

An issue has been found in HTSlib 1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Htslib
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-5553 CRITICAL Act Now

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dge 100 Firmware Dm Dge 200 C Firmware Ts 1542 C Firmware
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-9853 CRITICAL Act Now

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Freesshd
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-1337 CRITICAL PATCH Act Now

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Directory Ldap Api
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-2437 CRITICAL Act Now

The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Internet Graphics Server
NVD
CVSS 3.0
9.1
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy