Skip to main content
CVE-2018-8955 CRITICAL POC Act Now

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack RCE Gravityzone
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-18476 CRITICAL POC PATCH Act Now

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Mysql Binuuid Rails
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-15751 CRITICAL PATCH Act Now

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-13342 CRITICAL Act Now

The server API in the Anda app relies on hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anda
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-11792 CRITICAL Act Now

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-17903 CRITICAL Act Now

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saga1 L8B Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy