Skip to main content
CVE-2015-8813 HIGH POC PATCH THREAT Act Now

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.8%.

SSRF Umbraco
NVD GitHub
CVSS 3.0
8.2
EPSS
82.8%
Threat
5.6
CVE-2016-10206 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zoneminder
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-5356 HIGH POC PATCH This Week

Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-10205 HIGH POC This Week

Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Zoneminder
NVD
CVSS 3.0
7.3
EPSS
0.7%
CVE-2016-7408 HIGH PATCH This Week

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Dropbear Ssh
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-2290 HIGH This Week

On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Mcollective Puppet Agent
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2015-8814 HIGH PATCH This Week

Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Umbraco
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-7969 HIGH PATCH This Week

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Leap Opensuse +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2016-7972 HIGH PATCH This Week

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Fedora Libass
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2017-5613 HIGH This Week

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cgiecho Cgiemail
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-5193 HIGH PATCH This Week

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-5194 HIGH PATCH This Week

Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Irssi Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2016-10065 HIGH PATCH This Week

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Imagemagick Leap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7970 HIGH PATCH This Week

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Fedora Libass
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-5196 HIGH PATCH This Week

Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Irssi
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-5195 HIGH PATCH This Week

Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Irssi
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-5835 HIGH PATCH This Week

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-5836 HIGH PATCH This Week

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8236 HIGH PATCH This Week

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lenovo Thinkserver Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3127 HIGH This Week

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Good Control Server
NVD
CVSS 3.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy