Skip to main content
CVE-2018-14328 CRITICAL POC THREAT Act Now

Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Trade
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.7%
CVE-2018-14565 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14564 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14563 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14562 CRITICAL POC Act Now

An issue was discovered in libthulac.so in THULAC through 2018-02-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Thulac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14551 CRITICAL POC Act Now

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-14531 CRITICAL POC Act Now

An issue was discovered in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14515 CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-14514 CRITICAL POC Act Now

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11757 CRITICAL PATCH Act Now

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker Openwhisk
NVD GitHub
CVSS 3.0
9.8
EPSS
6.9%
CVE-2018-11756 CRITICAL PATCH Act Now

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker PHP Openwhisk
NVD GitHub
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-1999022 CRITICAL Act Now

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Information Disclosure Html Quickform Civicrm
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-1999019 CRITICAL PATCH Act Now

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-1999010 CRITICAL PATCH Act Now

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-14532 CRITICAL Act Now

An issue was discovered in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-6678 CRITICAL Act Now

Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mcafee Web Gateway
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2018-6677 CRITICAL Act Now

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mcafee Web Gateway
NVD
CVSS 3.1
9.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy