Skip to main content
CVE-2015-2794 CRITICAL POC PATCH THREAT Act Now

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.3%.

Privilege Escalation
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
92.3%
Threat
6.2
CVE-2017-5677 CRITICAL Act Now

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Html Ajax
NVD
CVSS 3.0
9.8
EPSS
6.3%
CVE-2016-7446 CRITICAL Act Now

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-10150 CRITICAL PATCH Act Now

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Privilege Escalation Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2016-7447 CRITICAL Act Now

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-5879 CRITICAL PATCH Act Now

An issue was discovered in Exponent CMS 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy