Skip to main content
CVE-2018-18619 CRITICAL POC Act Now

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Advanced Comment System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-8788 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow Freerdp Ubuntu Linux +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-8787 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
8.4%
CVE-2018-8786 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2018-8785 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2018-8784 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2018-19692 CRITICAL POC Act Now

An issue was discovered in tp5cms through 2017-05-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tp5Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-15981 CRITICAL Act Now

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-18649 CRITICAL Act Now

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE
NVD
CVSS 3.0
9.8
EPSS
6.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy