Skip to main content
CVE-2018-17411 CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Data Quality Suite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-17566 CRITICAL POC Act Now

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Thinkphp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-3972 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Monero
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-17538 CRITICAL POC Act Now

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Evidence Sync
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-17570 CRITICAL PATCH Act Now

utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Viabtc Exchange Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-17569 CRITICAL PATCH Act Now

network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Viabtc Exchange Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-17568 CRITICAL PATCH Act Now

utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Viabtc Exchange Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-15531 CRITICAL PATCH Act Now

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Javamelody
NVD GitHub
CVSS 3.0
9.8
EPSS
27.9%
CVE-2018-17410 CRITICAL Act Now

Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Horus Cms
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2018-14823 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow V Server Firmware
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-14819 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14817 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14815 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14813 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow V Server Firmware
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-14811 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-14809 CRITICAL Act Now

Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service V Server Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-8856 CRITICAL Act Now

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass E Alert Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-8850 CRITICAL Act Now

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE E Alert Firmware
NVD
CVSS 3.0
9.8
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy