Skip to main content
CVE-2018-11529 HIGH POC THREAT Act Now

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Debian Linux +1
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
40.6%
CVE-2018-10197 CRITICAL POC Act Now

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-0500 CRITICAL POC PATCH Act Now

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Curl Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
6.4%
CVE-2018-13989 HIGH POC This Week

Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Grundig Smart Inter Ctive Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-3936 HIGH POC This Week

In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Office Server Document Converter
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-3933 HIGH POC This Week

An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Office Server Document Converter
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-3932 HIGH POC This Week

An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Office Server Document Converter
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2018-3931 HIGH POC This Week

In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Office Server Document Converter
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2018-3929 HIGH POC This Week

An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Office Server Document Converter
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2018-8298 HIGH POC KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption RCE Buffer Overflow Chakracore
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
75.3%
CVE-2018-8291 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
70.0%
CVE-2018-8288 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
70.0%
CVE-2018-8279 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
71.0%
CVE-2018-8007 HIGH POC THREAT This Week

Apache CouchDB administrative users can configure the database server via HTTP(S). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache RCE Couchdb
NVD
CVSS 3.0
7.2
EPSS
11.7%
CVE-2018-0042 CRITICAL Act Now

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0041 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0040 CRITICAL Act Now

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-0039 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-0038 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0037 CRITICAL Act Now

Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0035 CRITICAL Act Now

QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-10635 CRITICAL Act Now

In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cb3 1 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-10633 CRITICAL Act Now

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cb3 1 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8327 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Powershell Powershell Editor Services
NVD
CVSS 3.1
9.8
EPSS
21.2%
CVE-2018-8319 CRITICAL PATCH Act Now

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Research Javascript Cryptography Library
NVD
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-8311 HIGH This Week

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Lync Skype For Business
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2018-8300 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
12.8%
CVE-2018-8260 HIGH This Week

A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Net Framework
NVD
CVSS 3.0
8.8
EPSS
14.6%
CVE-2018-0025 HIGH This Week

When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-8284 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Microsoft RCE Net Framework Project Server +3
NVD
CVSS 3.0
8.1
EPSS
39.6%
CVE-2018-0024 HIGH This Week

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3930 HIGH This Week

In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Office Server Document Converter
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2018-8313 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8312 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Access Office
NVD
CVSS 3.0
7.8
EPSS
19.5%
CVE-2018-8282 HIGH This Week

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8281 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Office Powerpoint Viewer +1
NVD
CVSS 3.0
7.8
EPSS
19.5%
CVE-2018-8238 HIGH PATCH This Week

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Lync Skype For Business
NVD
CVSS 3.0
7.8
EPSS
5.5%
CVE-2018-8232 HIGH PATCH This Week

A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Visual Studio 2017
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-8202 HIGH PATCH This Week

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Net Framework
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8172 HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Expression Blend Visual Studio Visual Studio 2017
NVD
CVSS 3.1
7.8
EPSS
31.0%
CVE-2018-0032 HIGH This Week

The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-0030 HIGH This Week

Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-0026 HIGH This Week

After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-8310 HIGH PATCH This Week

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Word
NVD
CVSS 3.0
7.5
EPSS
5.4%
CVE-2018-8301 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
13.1%
CVE-2018-8296 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.9%
CVE-2018-8294 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
19.2%
CVE-2018-8290 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
19.2%
CVE-2018-8287 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +2
NVD
CVSS 3.0
7.5
EPSS
16.4%
CVE-2018-8286 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD
CVSS 3.0
7.5
EPSS
19.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy