Skip to main content
CVE-2018-2913 CRITICAL POC PATCH Act Now

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Memory Corruption Microsoft Buffer Overflow Goldengate
NVD
CVSS 3.0
10.0
EPSS
4.2%
CVE-2018-18450 CRITICAL POC Act Now

apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pbootcms
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-15616 CRITICAL POC Act Now

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Avaya Aura System Platform
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-10824 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware Dir 140L Firmware Dir 640L Firmware +5
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.5%
CVE-2018-18427 CRITICAL POC Act Now

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-3245 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Weblogic Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.3%
CVE-2018-10933 CRITICAL POC PATCH THREAT Act Now

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Libssh Ubuntu Linux Debian Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
91.8%
CVE-2018-12823 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Digital Editions
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2018-12822 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Use After Free Denial Of Service Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
8.0%
CVE-2018-12814 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Digital Editions
NVD
CVSS 3.0
9.8
EPSS
11.2%
CVE-2018-12813 CRITICAL Act Now

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Digital Editions
NVD
CVSS 3.0
9.8
EPSS
11.2%
CVE-2018-7076 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
12.3%
CVE-2018-18408 CRITICAL PATCH Act Now

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Tcpreplay Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-17897 CRITICAL Act Now

LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Laquis Scada
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2018-17895 CRITICAL Act Now

LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Laquis Scada
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2018-17893 CRITICAL Act Now

LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Laquis Scada
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2018-3259 CRITICAL PATCH Act Now

Vulnerability in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-3252 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
28.0%
CVE-2018-3201 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-3197 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-3191 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
63.2%
CVE-2018-3294 CRITICAL PATCH Act Now

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
9.0
EPSS
2.3%
CVE-2018-3183 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
9.0
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy