Skip to main content
CVE-2018-6333 CRITICAL PATCH Act Now

The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Nuclide
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-6331 CRITICAL PATCH Act Now

Buck parser-cache command loads/saves state using Java serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization RCE Buck
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-6342 CRITICAL PATCH Act Now

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Command Injection React Dev Utils
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2018-6334 CRITICAL PATCH Act Now

Multipart-file uploads call variables to be improperly registered in the global scope. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-18602 CRITICAL Act Now

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 360 Outdoor Firmware 180 Outdoor Firmware 360 Indoor Firmware 180 Indoor Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2018-17191 CRITICAL Act Now

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Netbeans
NVD
CVSS 3.0
9.8
EPSS
7.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy