Skip to main content
CVE-2014-8361 CRITICAL POC KEV THREAT Emergency

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.0%
Threat
7.8
CVE-2015-3435 CRITICAL Act Now

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Samsung Samsung Security Manager
NVD
CVSS 2.0
10.0
EPSS
8.4%
CVE-2015-3446 CRITICAL PATCH Act Now

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Unified Security Management
NVD
CVSS 2.0
9.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy