Skip to main content
CVE-2018-9866 CRITICAL POC Act Now

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall RCE Command Injection Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2018-14728 CRITICAL POC THREAT Act Now

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Responsive Filemanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
76.5%
CVE-2018-13416 CRITICAL POC THREAT Act Now

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XXE Universal Media Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.2%
CVE-2018-14925 CRITICAL Act Now

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Banco
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-3777 CRITICAL PATCH Act Now

Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Restforce
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy