Skip to main content
CVE-2018-16709 CRITICAL POC Act Now

Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docucentre V 3065 Firmware Apeosport V C4475 Firmware Apeosport Vi C3371 Firmware Apeosport V C3375 Firmware +5
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-16460 CRITICAL POC PATCH Act Now

A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Ps
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-16657 CRITICAL POC Act Now

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service RCE Debian Linux Kamailio
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-15474 CRITICAL POC Act Now

CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Information Disclosure PHP Dokuwiki
NVD GitHub
CVSS 3.0
9.6
EPSS
3.3%
CVE-2018-15486 CRITICAL POC Act Now

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Group Controller Firmware
NVD
CVSS 3.0
9.1
EPSS
2.1%
CVE-2018-16710 CRITICAL POC Act Now

OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Octoprint
NVD GitHub
CVSS 3.0
9.1
EPSS
2.1%
CVE-2018-1789 CRITICAL PATCH Act Now

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Api Connect
NVD
CVSS 3.0
9.9
EPSS
1.2%
CVE-2018-15484 CRITICAL Act Now

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Group Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
7.7%
CVE-2018-1567 CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0645 CRITICAL Act Now

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP Mtappjquery
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-15485 CRITICAL Act Now

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Group Controller Firmware
NVD
CVSS 3.0
9.1
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy