Skip to main content
CVE-2018-8453 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1703 +12
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
69.8%
CVE-2018-12596 CRITICAL POC THREAT Act Now

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ektron Cms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
22.4%
CVE-2018-12542 CRITICAL POC PATCH Act Now

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Vert X
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18202 CRITICAL POC Act Now

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Information Disclosure Qlogic 4 Gb Fibre Channel Expansion Card Firmware Qlogic 20 Port 4 8 Gb San Switch Module Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-12456 HIGH POC This Week

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nplug Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12455 HIGH POC This Week

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Nplug Firmware
NVD
CVSS 3.0
8.1
EPSS
5.9%
CVE-2018-18211 HIGH POC This Week

PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP Pbootcms
NVD GitHub
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-8423 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Buffer Overflow Windows 10 Windows 7 +6
NVD
CVSS 3.0
7.8
EPSS
32.7%
CVE-2018-8411 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.1%
CVE-2018-18061 HIGH POC This Week

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive Filemanager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-8495 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft RCE Path Traversal Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.5
EPSS
55.8%
CVE-2018-18062 MEDIUM POC This Month

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Responsive Filemanager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-17784 MEDIUM POC This Month

Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sugarcrm
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.4%
CVE-2018-17337 MEDIUM POC This Month

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nplug Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18210 MEDIUM POC This Month

XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dilicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-18209 MEDIUM POC This Month

XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dilicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-8006 MEDIUM POC PATCH THREAT This Month

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Activemq
NVD
CVSS 3.1
6.1
EPSS
55.9%
CVE-2018-12544 CRITICAL PATCH Act Now

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Vert X
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-12410 CRITICAL Act Now

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-17915 CRITICAL Act Now

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xmeye P2P Cloud Server
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-8500 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Chakracore
NVD
CVSS 3.0
9.8
EPSS
18.5%
CVE-2018-0057 CRITICAL Act Now

On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Juniper Junos
NVD
CVSS 3.0
9.6
EPSS
1.1%
CVE-2018-8533 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8532 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8527 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-0045 HIGH This Week

Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Juniper Junos
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-0043 HIGH This Week

Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Juniper Junos
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-13801 HIGH This Week

A vulnerability has been identified in ROX II (All versions < V2.12.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rox Ii Firmware
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-8531 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Azure Internet Of Things Edge +1
NVD
CVSS 3.0
8.8
EPSS
15.2%
CVE-2018-8504 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Web Apps +2
NVD
CVSS 3.0
8.8
EPSS
18.7%
CVE-2018-8502 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Office Office 365 Proplus
NVD
CVSS 3.0
8.8
EPSS
19.8%
CVE-2018-8501 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Powerpoint +1
NVD
CVSS 3.0
8.8
EPSS
18.7%
CVE-2018-8494 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE Windows 10 Windows 7 +6
NVD
CVSS 3.0
8.8
EPSS
22.2%
CVE-2018-8490 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
8.4
EPSS
4.1%
CVE-2018-8489 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.4
EPSS
4.1%
CVE-2018-0052 HIGH This Week

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
8.1
EPSS
4.9%
CVE-2018-0044 HIGH This Week

An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-12152 HIGH This Week

Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Graphics Driver
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-12131 HIGH PATCH This Week

Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Intel Privilege Escalation Client Nvme Datacenter Nvme Rapid Storage Technology
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-8497 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-8484 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8432 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Viewer Office Office 365 Proplus +7
NVD
CVSS 3.0
7.8
EPSS
19.6%
CVE-2018-8413 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
46.4%
CVE-2018-8329 HIGH PATCH This Week

An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8265 HIGH PATCH This Week

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.0
7.8
EPSS
19.6%
CVE-2018-12173 HIGH This Week

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Denial Of Service Information Disclosure Intel +14
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2018-13789 HIGH This Week

An issue was discovered in Descor Infocad FM before 3.1.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infocad Fm
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-0062 HIGH This Week

A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-0058 HIGH This Week

Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tomcat Juniper Junos
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-0049 HIGH This Week

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
2.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy