Skip to main content
CVE-2018-20325 CRITICAL POC Act Now

There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python Definitions
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-19323 CRITICAL POC KEV THREAT Act Now

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine Gigabyte App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
9.8
EPSS
8.5%
CVE-2018-20318 CRITICAL POC Act Now

An issue was discovered in weixin-java-tools v3.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wxjava
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-18009 CRITICAL Act Now

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 140L Firmware Dir 640L Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-18008 CRITICAL Act Now

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware Dir 140L Firmware Dir 640L Firmware +4
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-18007 CRITICAL Act Now

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-20338 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
11.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy