Skip to main content
CVE-2017-6444 HIGH POC THREAT Act Now

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
18.1%
CVE-2017-6823 HIGH POC This Week

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fiyo Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.8%
CVE-2017-5624 CRITICAL POC Act Now

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Oxygenos
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2017-5626 CRITICAL POC Act Now

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Oxygenos
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-6819 MEDIUM POC PATCH THREAT This Month

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

WordPress CSRF PHP
NVD GitHub
CVSS 3.0
6.5
EPSS
13.4%
CVE-2017-6814 MEDIUM POC PATCH This Month

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
2.4%
CVE-2017-6818 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress
NVD GitHub
CVSS 3.0
6.1
EPSS
9.3%
CVE-2017-6815 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
6.4%
CVE-2017-6817 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
6.1%
CVE-2017-6820 MEDIUM PATCH This Month

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2014-9645 MEDIUM PATCH This Month

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Busybox
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6816 MEDIUM PATCH This Month

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

WordPress Authentication Bypass PHP Debian Linux
NVD GitHub
CVSS 3.0
4.9
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy