Skip to main content
CVE-2018-1000861 CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Openshift Container Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
98.5%
CVE-2018-19991 CRITICAL POC Act Now

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Verynginx
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-15805 CRITICAL Act Now

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Prizmdoc
NVD
CVSS 3.0
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy