Skip to main content
CVE-2017-6334 HIGH POC KEV THREAT Act Now

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
89.2%
Threat
7.4
CVE-2017-6351 HIGH POC This Week

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Wipg 1500 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
9.0%
CVE-2017-6411 HIGH POC This Week

Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2730U Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-5633 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Di 524 Firmware
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
1.4%
CVE-2016-10244 HIGH POC This Week

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freetype Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-6497 HIGH PATCH This Week

An issue was discovered in ImageMagick 6.9.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-5999 HIGH PATCH This Week

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Syspass
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy