Skip to main content
CVE-2018-3953 HIGH POC THREAT Act Now

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
13.3%
CVE-2018-2913 CRITICAL POC PATCH Act Now

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Memory Corruption Microsoft Buffer Overflow Goldengate
NVD
CVSS 3.0
10.0
EPSS
4.2%
CVE-2018-18450 CRITICAL POC Act Now

apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pbootcms
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-15616 CRITICAL POC Act Now

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Avaya Aura System Platform
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-10824 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware Dir 140L Firmware Dir 640L Firmware +5
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.5%
CVE-2018-18427 CRITICAL POC Act Now

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-3245 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Weblogic Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.3%
CVE-2018-10933 CRITICAL POC PATCH THREAT Act Now

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Libssh Ubuntu Linux Debian Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
91.8%
CVE-2018-18444 HIGH POC This Week

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16232 HIGH POC PATCH This Week

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Ipfire
NVD
CVSS 3.1
8.8
EPSS
7.8%
CVE-2018-10823 HIGH POC THREAT This Week

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dwr 116 Firmware Dwr 512 Firmware +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
78.2%
CVE-2018-18436 HIGH POC This Week

JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Jtbc Php
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-18432 HIGH POC This Week

An issue was discovered in DESTOON B2B 7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Destoon B2B
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18426 HIGH POC This Week

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP S Cms
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18422 HIGH POC This Week

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Usualtoolcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10822 HIGH POC THREAT This Week

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware Dir 140L Firmware Dir 640L Firmware +5
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
39.3%
CVE-2018-3213 HIGH POC PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Docker Weblogic Server
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-2914 HIGH POC PATCH This Week

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Null Pointer Dereference Denial Of Service Goldengate
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-2912 HIGH POC PATCH This Week

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Null Pointer Dereference Denial Of Service Goldengate
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-3955 HIGH POC This Week

An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
4.8%
CVE-2018-3954 HIGH POC This Week

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2018-3238 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.0
6.9
EPSS
4.6%
CVE-2018-12823 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Digital Editions
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2018-12822 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Use After Free Denial Of Service Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
8.0%
CVE-2018-12814 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Digital Editions
NVD
CVSS 3.0
9.8
EPSS
11.2%
CVE-2018-12813 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Digital Editions
NVD
CVSS 3.0
9.8
EPSS
11.2%
CVE-2018-7076 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2018-18408 CRITICAL PATCH Act Now

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Tcpreplay Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-17897 CRITICAL Act Now

LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Laquis Scada
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2018-17895 CRITICAL Act Now

LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Laquis Scada
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-17893 CRITICAL Act Now

LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Laquis Scada
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2018-3259 CRITICAL PATCH Act Now

Vulnerability in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-3252 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
28.0%
CVE-2018-3201 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-3197 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-3191 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
63.2%
CVE-2018-18409 MEDIUM POC This Month

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpflow Fedora +1
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-18407 MEDIUM POC This Month

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-3167 MEDIUM POC PATCH THREAT This Month

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Management Pack
NVD
CVSS 3.0
5.3
EPSS
17.1%
CVE-2018-3294 CRITICAL PATCH Act Now

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
9.0
EPSS
2.3%
CVE-2018-3183 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
9.0
EPSS
2.8%
CVE-2018-15402 HIGH This Week

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Enterprise Network Virtualization Software
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18433 MEDIUM POC This Month

An issue was discovered in DESTOON B2B 7.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Destoon B2B
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18431 MEDIUM POC This Month

An issue was discovered in DESTOON B2B 7.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Destoon B2B
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18430 MEDIUM POC This Month

An issue was discovered in DESTOON B2B 7.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Destoon B2B
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-17899 HIGH This Week

LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Laquis Scada
NVD
CVSS 3.0
8.8
EPSS
8.1%
CVE-2018-3258 HIGH PATCH This Week

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Connector J
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-0378 HIGH This Week

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
8.6
EPSS
4.5%
CVE-2018-3298 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3297 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy