Skip to main content
CVE-2018-16462 CRITICAL POC PATCH Act Now

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Apex Publish Static Files
NVD
CVSS 3.1
10.0
EPSS
7.0%
CVE-2018-16461 CRITICAL POC PATCH Act Now

A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Libnmap
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-14558 CRITICAL POC KEV THREAT Act Now

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac7 Firmware Ac9 Firmware Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.7%
CVE-2018-18835 CRITICAL POC Act Now

upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Doccms
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-18834 CRITICAL POC Act Now

An issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-18832 CRITICAL POC Act Now

admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dkcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18822 CRITICAL POC Act Now

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi New Media
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-8858 CRITICAL Act Now

If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vgo Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18830 CRITICAL Act Now

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Mcms
NVD
CVSS 3.0
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy