Skip to main content
CVE-2018-17463 HIGH POC KEV THREAT Act Now

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
84.6%
CVE-2018-15710 HIGH POC THREAT Act Now

Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nagios Xi
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
44.1%
CVE-2018-15711 HIGH POC THREAT This Week

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nagios Xi
NVD
CVSS 3.0
8.8
EPSS
36.0%
CVE-2018-15709 HIGH POC THREAT This Week

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nagios Xi
NVD
CVSS 3.0
8.8
EPSS
21.0%
CVE-2018-7358 HIGH POC THREAT This Week

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte Zxhn H168N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
89.6%
CVE-2018-7357 HIGH POC THREAT This Week

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte Zxhn H168N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
87.9%
CVE-2018-6065 HIGH POC KEV THREAT This Week

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Google Chrome Enterprise Linux Desktop +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
60.3%
CVE-2018-6064 HIGH POC This Week

Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.9%
CVE-2018-19277 HIGH POC PATCH This Week

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.8%
CVE-2018-19271 HIGH POC PATCH This Week

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-8544 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE Use After Free Windows 10 +7
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.6%
CVE-2018-8584 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-8550 HIGH POC PATCH This Week

An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.3%
CVE-2018-19278 HIGH POC PATCH This Week

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Asterisk
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-8552 HIGH POC PATCH THREAT This Week

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Information Disclosure Buffer Overflow Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
51.0%
CVE-2018-9537 HIGH PATCH This Week

In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-9535 HIGH This Week

In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9534 HIGH This Week

In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9533 HIGH This Week

In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9532 HIGH This Week

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9530 HIGH This Week

In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9529 HIGH This Week

In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9528 HIGH This Week

In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9521 HIGH PATCH This Week

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6083 HIGH This Week

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-6074 HIGH This Week

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6073 HIGH This Week

A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-6072 HIGH This Week

An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-6071 HIGH This Week

An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6067 HIGH This Week

Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6063 HIGH This Week

Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6062 HIGH This Week

Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-6060 HIGH This Week

Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-6057 HIGH This Week

Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-17474 HIGH This Week

Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-17469 HIGH This Week

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-17466 HIGH This Week

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Enterprise Linux Desktop +7
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-17465 HIGH This Week

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-8609 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Dynamics 365
NVD
CVSS 3.0
8.8
EPSS
8.7%
CVE-2018-8582 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office 365 Proplus Outlook Outlook Rt +1
NVD
CVSS 3.0
8.8
EPSS
18.6%
CVE-2018-8450 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
8.8
EPSS
16.1%
CVE-2018-8256 HIGH PATCH This Week

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Microsoft Powershell Archive Powershell Core Windows 10 +7
NVD
CVSS 3.0
8.8
EPSS
22.6%
CVE-2018-9545 HIGH PATCH This Week

In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9536 HIGH This Week

In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-9531 HIGH This Week

In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-9527 HIGH PATCH This Week

In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-9525 HIGH PATCH This Week

In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9524 HIGH PATCH This Week

In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Microsoft XSS Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9523 HIGH PATCH This Week

In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Deserialization Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9522 HIGH PATCH This Week

In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy