Skip to main content
CVE-2018-2894 CRITICAL POC PATCH THREAT Act Now

Oracle WebLogic Server contains a critical arbitrary file upload vulnerability in the WLS Web Services component affecting versions 12.1.3.0, 12.2.1.2, and 12.2.1.3. Unauthenticated attackers can exploit the unrestricted file upload in the Web Services test page to deploy JSP webshells, achieving full remote code execution on the application server.

NVD
CVSS 3.0
9.8
EPSS
94.3%
Threat
8.3
CVE-2018-14389 CRITICAL POC Act Now

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14364 CRITICAL POC THREAT Act Now

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab RCE Path Traversal
NVD
CVSS 3.0
9.8
EPSS
50.1%
CVE-2018-2893 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
71.2%
CVE-2018-0403 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0399 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Finesse
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-0398 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SSRF Cisco Finesse
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-0377 CRITICAL Act Now

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0376 CRITICAL Act Now

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0375 CRITICAL Act Now

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine Policy Suite
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0374 CRITICAL Act Now

A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0349 CRITICAL Act Now

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2018-2943 CRITICAL PATCH Act Now

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Fusion Middleware Mapviewer
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-2930 CRITICAL PATCH Act Now

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Solaris Cluster
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-3100 CRITICAL PATCH Act Now

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Business Process Management Suite
NVD
CVSS 3.0
9.1
EPSS
2.7%
CVE-2018-2938 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
9.0
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy