Skip to main content
CVE-2018-3953 HIGH POC THREAT Act Now

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
13.3%
CVE-2018-18444 HIGH POC This Week

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16232 HIGH POC PATCH This Week

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Ipfire
NVD
CVSS 3.1
8.8
EPSS
7.8%
CVE-2018-10823 HIGH POC THREAT This Week

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dwr 116 Firmware Dwr 512 Firmware +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
78.2%
CVE-2018-18436 HIGH POC This Week

JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Jtbc Php
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-18432 HIGH POC This Week

An issue was discovered in DESTOON B2B 7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Destoon B2B
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18426 HIGH POC This Week

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP S Cms
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-18422 HIGH POC This Week

UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Usualtoolcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10822 HIGH POC THREAT This Week

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dwr 116 Firmware Dir 140L Firmware Dir 640L Firmware +5
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
39.3%
CVE-2018-3213 HIGH POC PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Docker Weblogic Server
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-2914 HIGH POC PATCH This Week

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Null Pointer Dereference Denial Of Service Goldengate
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-2912 HIGH POC PATCH This Week

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Null Pointer Dereference Denial Of Service Goldengate
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-3955 HIGH POC This Week

An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
4.8%
CVE-2018-3954 HIGH POC This Week

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2018-15402 HIGH This Week

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Enterprise Network Virtualization Software
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17899 HIGH This Week

LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Laquis Scada
NVD
CVSS 3.0
8.8
EPSS
8.1%
CVE-2018-3258 HIGH PATCH This Week

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Connector J
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-0378 HIGH This Week

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
8.6
EPSS
4.5%
CVE-2018-3298 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3297 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3296 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3295 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2018-3293 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3292 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3291 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3290 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3289 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3288 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3287 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-2909 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2018-3253 HIGH PATCH This Week

Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Manager). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Oracle Denial Of Service Virtual Directory
NVD
CVSS 3.0
8.5
EPSS
1.5%
CVE-2018-3209 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 3.1
8.3
EPSS
2.7%
CVE-2018-3169 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +11
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2018-3149 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
8.3
EPSS
7.2%
CVE-2018-2911 HIGH PATCH This Week

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Authentication Bypass Glassfish Server
NVD
CVSS 3.0
8.3
EPSS
1.9%
CVE-2018-3299 HIGH PATCH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Text
NVD
CVSS 3.0
8.2
EPSS
1.8%
CVE-2018-3243 HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.0
8.2
EPSS
2.1%
CVE-2018-3242 HIGH PATCH This Week

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.0
8.2
EPSS
2.1%
CVE-2018-3235 HIGH PATCH This Week

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Manager
NVD
CVSS 3.0
8.2
EPSS
2.1%
CVE-2018-3204 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-3196 HIGH PATCH This Week

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dashboard). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Partner Management
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3190 HIGH PATCH This Week

Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Intelligence
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3189 HIGH PATCH This Week

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3188 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3146 HIGH PATCH This Week

Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Ilearning
NVD
CVSS 3.0
8.2
EPSS
1.5%
CVE-2018-3138 HIGH PATCH This Week

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass File Upload Application Object Library
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3011 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-3273 HIGH PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.0
8.1
EPSS
2.7%
CVE-2018-3128 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-0417 HIGH This Week

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Wireless Lan Controller Software Wireless Lan Controller
NVD
CVSS 3.1
7.8
EPSS
3.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy