Skip to main content
CVE-2018-14387 HIGH POC This Week

An issue was discovered in WonderCMS before 2.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Wondercms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-2892 HIGH POC PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Oracle Information Disclosure Solaris
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-8011 HIGH POC THREAT This Week

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Apache Http Server Cloud Backup
NVD
CVSS 3.0
7.5
EPSS
51.7%
CVE-2018-0402 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-0394 HIGH This Week

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cisco Cloud Services Platform 2100
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-0387 HIGH This Week

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Apple Webex Teams
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2018-0350 HIGH This Week

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-0345 HIGH This Week

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-0343 HIGH This Week

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service RCE Cisco Vbond Orchestrator +11
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14379 HIGH This Week

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-3090 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3089 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3088 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3087 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3086 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2018-3007 HIGH PATCH This Week

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Tuxedo
NVD
CVSS 3.0
8.6
EPSS
2.7%
CVE-2018-2907 HIGH PATCH This Week

Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Financial Reporting
NVD
CVSS 3.0
8.6
EPSS
2.7%
CVE-2018-3085 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.0
8.5
EPSS
0.5%
CVE-2018-2939 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Oracle Denial Of Service Database Server
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2018-2964 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
2.8%
CVE-2018-2942 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Microsoft Information Disclosure Jdk +14
NVD
CVSS 3.1
8.3
EPSS
1.8%
CVE-2018-2941 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
2.2%
CVE-2018-2935 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Authentication Bypass Weblogic Server
NVD
CVSS 3.0
8.3
EPSS
1.8%
CVE-2018-3057 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
8.2
EPSS
0.5%
CVE-2018-3018 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3017 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3012 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3008 HIGH PATCH This Week

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-2997 HIGH PATCH This Week

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Scripting
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-2995 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-2993 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-2991 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-2989 HIGH PATCH This Week

Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Ilearning
NVD
CVSS 3.0
8.2
EPSS
1.5%
CVE-2018-2976 HIGH PATCH This Week

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Enterprise Manager Ops Center
NVD
CVSS 3.0
8.2
EPSS
2.2%
CVE-2018-2958 HIGH PATCH This Week

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Business Intelligence Publisher
NVD
CVSS 3.0
8.2
EPSS
2.1%
CVE-2018-2953 HIGH PATCH This Week

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass One To One Fulfillment
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-2900 HIGH PATCH This Week

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Business Intelligence Publisher
NVD
CVSS 3.0
8.2
EPSS
2.1%
CVE-2018-8042 HIGH This Week

Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Ambari
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2018-3051 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-3050 HIGH PATCH This Week

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Corporate Lending
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-3035 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Investor Servicing
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-3027 HIGH PATCH This Week

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Payments
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-3015 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-2984 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Cruise Fleet Management
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-2956 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). Rated high severity (CVSS 8.1), this vulnerability is no authentication required.

Oracle Information Disclosure Hospitality Opera Property Management
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2018-2928 HIGH PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-0379 HIGH This Week

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Cisco Webex Meetings Online Webex Business Suite +1
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-0351 HIGH This Week

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-0347 HIGH This Week

A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Vbond Orchestrator Vedge Plus Vedge Pro +9
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-10616 HIGH This Week

ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Abb Panel Builder 800
NVD
CVSS 3.0
7.8
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy