Skip to main content
CVE-2018-3785 CRITICAL POC Act Now

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Dummy Commit
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-3784 CRITICAL POC Act Now

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Deserialization Cryo
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2018-3783 CRITICAL POC PATCH Act Now

A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Privilege Escalation Flintcms
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-15482 CRITICAL Act Now

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-14982 CRITICAL Act Now

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2018-14981 CRITICAL Act Now

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2018-15353 CRITICAL Act Now

A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow 24F2Xg Router Firmware
NVD
CVSS 3.0
9.8
EPSS
7.7%
CVE-2018-15350 CRITICAL Act Now

Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 24F2Xg Router Firmware
NVD
CVSS 3.0
9.8
EPSS
4.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy