Skip to main content
CVE-2018-15708 CRITICAL POC THREAT Emergency

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nagios Xi
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.4%
CVE-2018-19281 CRITICAL PATCH Act Now

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5495 CRITICAL Act Now

All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Storagegrid Webscale
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-9580 CRITICAL Act Now

A Elevation of privilege vulnerability in the HTC bootloader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2018-8476 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Microsoft RCE Buffer Overflow Windows Server 2008 Windows Server 2012 +2
NVD
CVSS 3.0
9.8
EPSS
63.3%
CVE-2018-17472 CRITICAL Act Now

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
9.6
EPSS
1.5%
CVE-2018-17462 CRITICAL Act Now

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Use After Free Chrome +4
NVD
CVSS 3.0
9.6
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy