Skip to main content
CVE-2018-18488 CRITICAL POC Act Now

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gxlcms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-18486 CRITICAL POC Act Now

An issue was discovered in PHPSHE 1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpshe
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-5186 CRITICAL POC Act Now

Memory safety bugs present in Firefox 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-18461 CRITICAL POC Act Now

The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress RCE PHP Arigato Autoresponder And Newsletter
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-12387 CRITICAL POC Act Now

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
9.1
EPSS
9.6%
CVE-2018-14807 CRITICAL Act Now

A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Pac Control
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2018-1822 CRITICAL PATCH Act Now

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Flashsystem 900 Firmware Flashsystem 840 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-5188 CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +9
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-5187 CRITICAL Act Now

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +2
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5156 CRITICAL Act Now

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-12378 CRITICAL Act Now

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12377 CRITICAL Act Now

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12376 CRITICAL Act Now

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-12369 CRITICAL Act Now

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy