Skip to main content
CVE-2018-15152 CRITICAL POC PATCH THREAT Act Now

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
25.9%
CVE-2018-10511 CRITICAL PATCH Act Now

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Control Manager
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2018-10510 CRITICAL PATCH Act Now

A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro RCE Path Traversal Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-14007 CRITICAL Act Now

Citrix XenServer 7.1 and newer allows Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenserver
NVD
CVSS 3.0
9.8
EPSS
56.1%
CVE-2018-11247 CRITICAL Act Now

The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE SAP Bwise
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-8302 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Exchange Server
NVD
CVSS 3.0
9.8
EPSS
25.5%
CVE-2018-8273 CRITICAL PATCH Act Now

A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Sql Server
NVD
CVSS 3.1
9.8
EPSS
29.2%
CVE-2018-10369 CRITICAL Act Now

A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Win 240 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy