Skip to main content
CVE-2018-15152 CRITICAL POC PATCH THREAT Act Now

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
25.9%
CVE-2018-15153 HIGH POC PATCH THREAT This Week

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Command Injection Openemr
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
61.6%
CVE-2018-15151 HIGH POC PATCH This Week

SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-15150 HIGH POC PATCH This Week

SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-15149 HIGH POC PATCH This Week

SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-15148 HIGH POC PATCH This Week

SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-15147 HIGH POC PATCH This Week

SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-15146 HIGH POC PATCH This Week

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-0952 HIGH POC PATCH This Week

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Visual Studio 2015 Visual Studio 2017 Windows 10 +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
6.2%
CVE-2018-8384 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
62.1%
CVE-2018-8355 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
68.2%
CVE-2018-8353 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption RCE Use After Free Buffer Overflow Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
67.7%
CVE-2018-15172 HIGH POC This Week

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr840N Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.3%
CVE-2018-15138 HIGH POC THREAT This Week

Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Path Traversal Ipecs Nms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.9%
CVE-2018-10511 CRITICAL PATCH Act Now

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Control Manager
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2018-10510 CRITICAL PATCH Act Now

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro RCE Path Traversal Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-14007 CRITICAL Act Now

Citrix XenServer 7.1 and newer allows Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenserver
NVD
CVSS 3.0
9.8
EPSS
56.1%
CVE-2018-11247 CRITICAL Act Now

The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE SAP Bwise
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-8302 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Exchange Server
NVD
CVSS 3.0
9.8
EPSS
25.5%
CVE-2018-8273 CRITICAL PATCH Act Now

A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Sql Server
NVD
CVSS 3.1
9.8
EPSS
29.2%
CVE-2018-10369 CRITICAL Act Now

A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Win 240 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-0427 HIGH This Week

A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Application Policy Infrastructure Controller Enterprise Module
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2018-8414 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 1703 Windows 10 1709 Windows 10 1803 +2
NVD
CVSS 3.1
8.8
EPSS
74.0%
CVE-2018-8397 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 7 Windows Server 2008
NVD
CVSS 3.0
8.8
EPSS
67.9%
CVE-2018-8376 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Powerpoint
NVD
CVSS 3.0
8.8
EPSS
18.2%
CVE-2018-8350 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows Server
NVD
CVSS 3.0
8.8
EPSS
18.6%
CVE-2018-8349 HIGH This Week

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Deserialization RCE Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.8
EPSS
22.7%
CVE-2018-8346 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Microsoft RCE Windows 7 Windows Server 2008
NVD
CVSS 3.0
8.8
EPSS
18.8%
CVE-2018-8344 HIGH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft RCE Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.8
EPSS
21.8%
CVE-2018-15156 HIGH PATCH This Week

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Command Injection Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
10.2%
CVE-2018-15155 HIGH PATCH This Week

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Command Injection Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
10.2%
CVE-2018-15154 HIGH PATCH This Week

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Command Injection Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
10.2%
CVE-2018-1455 HIGH This Week

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-6973 HIGH This Week

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption VMware Buffer Overflow Fusion Workstation
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0418 HIGH This Week

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ios Xr
NVD
CVSS 3.1
8.6
EPSS
4.0%
CVE-2018-0410 HIGH This Week

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Web Security Appliance
NVD
CVSS 3.0
8.6
EPSS
4.1%
CVE-2018-8357 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11,. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Internet Explorer Edge
NVD
CVSS 3.0
8.3
EPSS
7.8%
CVE-2018-14722 HIGH This Week

An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Btrfsmaintenance
NVD
CVSS 3.0
8.1
EPSS
3.0%
CVE-2018-8412 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Office For Mac
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8406 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1703 +5
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2018-8405 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1703 +8
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2018-8401 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-8400 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-8379 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Excel 2013 Rt
NVD
CVSS 3.0
7.8
EPSS
17.1%
CVE-2018-8375 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Excel Viewer Office +1
NVD
CVSS 3.1
7.8
EPSS
16.2%
CVE-2018-8347 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8343 HIGH This Week

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8342 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Microsoft Buffer Overflow Windows 7 Windows Server 2008
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0419 HIGH This Week

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-0409 HIGH This Week

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
7.5
EPSS
3.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy