Skip to main content
CVE-2017-1001000 HIGH POC THREAT Act Now

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.9%.

WordPress PHP Information Disclosure
NVD GitHub
CVSS 3.0
7.5
EPSS
78.9%
Threat
5.4
CVE-2014-1677 HIGH POC THREAT Act Now

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.1%.

Information Disclosure Tc7200 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
28.1%
CVE-2017-7402 CRITICAL POC Act Now

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pixie
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.3%
CVE-2017-7397 HIGH POC THREAT Act Now

BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.9%.

Denial Of Service Backbox Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
19.9%
CVE-2016-10312 CRITICAL POC Act Now

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Al3G Firmware Al5000Ac Firmware Al59300 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2016-10314 HIGH POC This Week

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Al3G Firmware Al5000Ac Firmware Al59300 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-10313 HIGH POC This Week

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Al3G Firmware Al5000Ac Firmware Al59300 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-10317 HIGH POC This Week

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-5923 HIGH POC PATCH This Week

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-10211 HIGH POC PATCH This Week

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-10210 HIGH POC PATCH This Week

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-5924 HIGH POC PATCH This Week

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5949 CRITICAL Act Now

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Denial Of Service Safari
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-10316 MEDIUM POC This Month

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Al3G Firmware Al5000Ac Firmware Al59300 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10315 MEDIUM POC This Month

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Al3G Firmware Al5000Ac Firmware Al59300 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7410 CRITICAL Act Now

Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Websitebaker
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2014-3927 CRITICAL PATCH Act Now

mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Mrlg4Php
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5642 CRITICAL Act Now

During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ambari
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2014-3928 CRITICAL PATCH Act Now

Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lg
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-10220 MEDIUM POC This Month

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2017-5951 MEDIUM POC This Month

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10209 MEDIUM POC This Month

The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libarchive
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10217 MEDIUM POC This Month

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2016-10219 MEDIUM POC This Month

The intersect function in base/gxfill.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-10218 MEDIUM POC This Month

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10221 MEDIUM POC This Month

The count_entries function in pdf-layer.c in Artifex Software, Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mupdf
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2017-6448 HIGH PATCH This Week

The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-6194 HIGH PATCH This Week

The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-7401 HIGH PATCH This Week

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Collectd
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-6181 HIGH This Week

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruby
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2014-3929 HIGH PATCH This Week

The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lg
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-10226 HIGH This Week

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Information Disclosure Safari
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-10222 HIGH This Week

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6441 HIGH PATCH This Week

The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service PHP
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-3930 HIGH This Week

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lg
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2013-7450 HIGH PATCH This Week

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7380 MEDIUM This Month

The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-7379 MEDIUM This Month

The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Podofo
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-7378 MEDIUM This Month

The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Podofo
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-5950 MEDIUM This Month

The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Yaml Cpp
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-7383 MEDIUM This Month

The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7382 MEDIUM This Month

The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7381 MEDIUM This Month

The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7400 MEDIUM PATCH This Month

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Horizon
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-5685 LOW Monitor

The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc6I7Kyk Bios
NVD
CVSS 3.0
3.9
EPSS
0.1%
CVE-2017-5686 LOW Monitor

The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc6I3Syh Bios Nuc6I3Syk Bios
NVD
CVSS 3.0
3.9
EPSS
0.1%
CVE-2017-5684 LOW Monitor

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Stk2Mv64Cc Bios
NVD
CVSS 3.0
3.9
EPSS
0.0%
CVE-2017-7407 LOW PATCH Monitor

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow
NVD GitHub
CVSS 3.1
2.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy