Skip to main content
CVE-2018-12596 CRITICAL POC THREAT Act Now

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ektron Cms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
22.4%
CVE-2018-12542 CRITICAL POC PATCH Act Now

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Vert X
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18202 CRITICAL POC Act Now

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Information Disclosure Qlogic 4 Gb Fibre Channel Expansion Card Firmware Qlogic 20 Port 4 8 Gb San Switch Module Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-12544 CRITICAL PATCH Act Now

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Vert X
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-12410 CRITICAL Act Now

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-17915 CRITICAL Act Now

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xmeye P2P Cloud Server
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-8500 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Chakracore
NVD
CVSS 3.0
9.8
EPSS
18.5%
CVE-2018-0057 CRITICAL Act Now

On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Juniper Junos
NVD
CVSS 3.0
9.6
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy