Skip to main content
CVE-2018-10620 CRITICAL POC Act Now

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Indusoft Web Studio Intouch Machine 2017
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2018-7602 CRITICAL POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Drupal Debian Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.2%
CVE-2018-14403 CRITICAL POC Act Now

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-10870 CRITICAL Act Now

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat RCE Path Traversal Certification
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2018-12911 CRITICAL PATCH Act Now

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Webkitgtk Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-14399 CRITICAL Act Now

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Phpcms
NVD
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy