Skip to main content
CVE-2018-20062 CRITICAL POC KEV THREAT Emergency

An issue was discovered in NoneCms V1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Nonecms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2018-20059 CRITICAL POC PATCH Act Now

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20056 CRITICAL POC Act Now

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow D-Link Dir 619l Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-18810 CRITICAL Act Now

The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.0
9.9
EPSS
1.2%
CVE-2018-6703 CRITICAL Act Now

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Agent
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-20060 CRITICAL PATCH Act Now

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Urllib3 Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-1904 CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy