Skip to main content
CVE-2016-9269 CRITICAL POC PATCH Act Now

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
6.8%
CVE-2017-6095 CRITICAL POC Act Now

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
6.9%
CVE-2016-9053 CRITICAL POC Act Now

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Database Server
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2016-9051 CRITICAL POC Act Now

An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Database Server
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2017-6070 CRITICAL POC Act Now

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Form Builder Cms Made Simple
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-5959 CRITICAL PATCH Act Now

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Genixcms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy