Skip to main content
CVE-2018-5384 CRITICAL POC Act Now

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL Infinity
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2018-14579 CRITICAL POC Act Now

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Golemcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-8859 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware I Lon 600 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2018-10627 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2018-8851 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware I Lon 600 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2018-8855 CRITICAL Act Now

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartserver 1 Firmware Smartserver 2 Firmware I Lon 100 Firmware I Lon 600 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2018-10628 CRITICAL PATCH Act Now

AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Stack Overflow Intouch 2014 Intouch 2017
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-13385 CRITICAL Act Now

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Sourcetree
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10600 CRITICAL Act Now

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE RCE Acselerator Architect
NVD
CVSS 3.0
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy