Skip to main content
CVE-2018-17888 CRITICAL POC PATCH THREAT Act Now

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Nuuo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
29.6%
CVE-2018-17900 CRITICAL Act Now

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fcj Firmware Fcn 100 Firmware Fcn Rtu Firmware Fcn 500 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-17894 CRITICAL PATCH Act Now

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Nuuo Cms
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-17890 CRITICAL PATCH Act Now

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Nuuo Cms
NVD
CVSS 3.1
9.8
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy