Skip to main content
CVE-2017-7402 CRITICAL POC Act Now

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pixie
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.3%
CVE-2016-10312 CRITICAL POC Act Now

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Al3G Firmware Al5000Ac Firmware Al59300 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2017-5949 CRITICAL Act Now

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Denial Of Service Safari
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2017-7410 CRITICAL Act Now

Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Websitebaker
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2014-3927 CRITICAL PATCH Act Now

mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Mrlg4Php
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5642 CRITICAL Act Now

During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ambari
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2014-3928 CRITICAL PATCH Act Now

Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lg
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy