Skip to main content
CVE-2018-2894 CRITICAL POC PATCH THREAT Act Now

Oracle WebLogic Server contains a critical arbitrary file upload vulnerability in the WLS Web Services component affecting versions 12.1.3.0, 12.2.1.2, and 12.2.1.3. Unauthenticated attackers can exploit the unrestricted file upload in the Web Services test page to deploy JSP webshells, achieving full remote code execution on the application server.

NVD
CVSS 3.0
9.8
EPSS
94.3%
Threat
8.3
CVE-2018-14389 CRITICAL POC Act Now

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14364 CRITICAL POC THREAT Act Now

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab RCE Path Traversal
NVD
CVSS 3.0
9.8
EPSS
50.1%
CVE-2018-2893 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
71.2%
CVE-2018-14387 HIGH POC This Week

An issue was discovered in WonderCMS before 2.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Wondercms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-2892 HIGH POC PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Oracle Information Disclosure Solaris
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-8011 HIGH POC THREAT This Week

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Apache Http Server Cloud Backup
NVD
CVSS 3.0
7.5
EPSS
51.7%
CVE-2018-14382 MEDIUM POC This Month

InstantCMS 2.10.1 has /redirect?url= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Instantcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-14381 MEDIUM POC PATCH This Month

Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Pagekit
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-0403 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0399 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Finesse
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-0398 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SSRF Cisco Finesse
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-0377 CRITICAL Act Now

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0376 CRITICAL Act Now

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0375 CRITICAL Act Now

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0374 CRITICAL Act Now

A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0349 CRITICAL Act Now

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2018-2943 CRITICAL PATCH Act Now

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Fusion Middleware Mapviewer
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-2930 CRITICAL PATCH Act Now

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Solaris Cluster
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-14388 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-14082 MEDIUM POC This Month

PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Job Portal
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-12429 MEDIUM POC This Month

JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeesns
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-3004 MEDIUM POC PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Java Oracle Authentication Bypass Database Server
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-3100 CRITICAL PATCH Act Now

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Business Process Management Suite
NVD
CVSS 3.0
9.1
EPSS
2.7%
CVE-2018-2938 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
9.0
EPSS
1.9%
CVE-2018-0402 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-0394 HIGH This Week

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cisco Cloud Services Platform 2100
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-0387 HIGH This Week

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Apple Webex Teams
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2018-0350 HIGH This Week

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-0345 HIGH This Week

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-0343 HIGH This Week

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service RCE Cisco Vbond Orchestrator +11
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14379 HIGH This Week

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-3090 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3089 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3088 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3087 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3086 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3007 HIGH PATCH This Week

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Tuxedo
NVD
CVSS 3.0
8.6
EPSS
2.7%
CVE-2018-2907 HIGH PATCH This Week

Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Financial Reporting
NVD
CVSS 3.0
8.6
EPSS
2.7%
CVE-2018-3085 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.0
8.5
EPSS
0.5%
CVE-2018-2939 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Oracle Denial Of Service Database Server
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2018-2964 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
2.8%
CVE-2018-2942 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Microsoft Information Disclosure Jdk +14
NVD
CVSS 3.1
8.3
EPSS
1.8%
CVE-2018-2941 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
2.2%
CVE-2018-2935 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Authentication Bypass Weblogic Server
NVD
CVSS 3.0
8.3
EPSS
1.8%
CVE-2018-3057 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-3018 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3017 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3012 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3008 HIGH PATCH This Week

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.0
8.2
EPSS
2.0%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy