Skip to main content
CVE-2018-7633 CRITICAL POC Act Now

Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Epicentro
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-7631 CRITICAL POC Act Now

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Epicentro
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-18197 CRITICAL POC Act Now

An issue was discovered in libgig 4.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libgig
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-18084 CRITICAL POC Act Now

An issue was discovered in DuomiCMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Duomicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2018-18083 CRITICAL POC Act Now

An issue was discovered in DuomiCMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Duomicms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-18075 CRITICAL POC Act Now

WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wikidforum
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-14649 CRITICAL POC PATCH THREAT Act Now

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat Python Command Injection Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-18200 CRITICAL Act Now

There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Redaxo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-17963 CRITICAL PATCH Act Now

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Qemu Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-14081 CRITICAL Act Now

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dir 809 A1 Firmware Dir 809 A2 Firmware Dir 809 Guestzone Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12474 CRITICAL Act Now

Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tar Scm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy