Skip to main content
CVE-2017-6361 CRITICAL POC THREAT Emergency

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.5%.

Qnap Command Injection Qts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
90.5%
Threat
6.2
CVE-2017-6360 CRITICAL POC THREAT Emergency

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.0%.

Qnap Command Injection Qts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.0%
Threat
5.9
CVE-2017-6359 CRITICAL POC THREAT Emergency

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.4%.

Qnap Command Injection Qts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
61.4%
Threat
5.3
CVE-2014-7279 CRITICAL POC THREAT Emergency

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.6%.

Privilege Escalation Konke Smart Plug Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
51.6%
Threat
5.0
CVE-2014-8731 CRITICAL Emergency

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 47.1% and no vendor patch available.

Deserialization PHP Phpmemcachedadmin
NVD
CVSS 3.0
9.8
EPSS
47.1%
CVE-2017-6517 CRITICAL POC THREAT Emergency

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.7%.

RCE Microsoft Skype
NVD
CVSS 3.0
9.8
EPSS
19.7%
Threat
4.1
CVE-2017-6895 CRITICAL POC Act Now

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Usb Pratirodh
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2015-5729 CRITICAL POC Act Now

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Nt14U Firmware X14J Firmware X14H Firmware +3
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-5538 CRITICAL PATCH Act Now

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-5897 CRITICAL PATCH Act Now

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2016-5757 CRITICAL Act Now

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2015-0855 CRITICAL PATCH Act Now

The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Pitivi
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2015-8626 CRITICAL PATCH Act Now

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-6950 CRITICAL Act Now

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Gui For Windows
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2015-4166 CRITICAL Act Now

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Key Trustee Server
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-5206 CRITICAL PATCH Act Now

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Linux Authentication Bypass Firejail
NVD GitHub
CVSS 3.0
9.0
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy