Skip to main content
CVE-2018-15727 CRITICAL POC PATCH THREAT Act Now

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Grafana Authentication Bypass Ceph Storage
NVD GitHub
CVSS 3.0
9.8
EPSS
64.3%
CVE-2018-7790 CRITICAL Act Now

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-7791 CRITICAL Act Now

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2018-14805 CRITICAL Act Now

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Esoms
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-12829 CRITICAL Act Now

Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Creative Cloud
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-12828 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12825 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12811 CRITICAL Act Now

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-12810 CRITICAL Act Now

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2018-12808 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Adobe RCE Buffer Overflow Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
7.5%
CVE-2018-15882 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Joomla
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-16115 CRITICAL PATCH Act Now

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Akka
NVD
CVSS 3.0
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy