Most Exploitable CVEs of 2018

CVE-2018-6574

7.8 HIGH

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang...
about 3 years ago

CVE-2018-10933

9.1 CRITICAL

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication,...
over 2 years ago

CVE-2018-7600

9.8 CRITICAL

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems...
almost 3 years ago

CVE-2018-15473

5.3 MEDIUM

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has...
over 2 years ago

CVE-2018-2628

9.8 CRITICAL

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0,...
almost 3 years ago

CVE-2018-6389

7.5 HIGH

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from...
about 3 years ago

CVE-2018-11776

8.1 HIGH

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention...
over 2 years ago

CVE-2018-11235

7.8 HIGH

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file,...
almost 3 years ago

CVE-2018-9995

9.8 CRITICAL

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the...
almost 3 years ago

CVE-2018-4878

9.8 CRITICAL

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media...
about 3 years ago