Skip to main content
CVE-2016-8735 CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache Oracle Tomcat RCE
NVD
CVSS 3.1
9.8
EPSS
93.8%
Threat
7.8
CVE-2017-7237 CRITICAL POC THREAT Emergency

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

Information Disclosure Spiceworks
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.2%
CVE-2017-7575 CRITICAL POC Act Now

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2016-6809 CRITICAL PATCH Act Now

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache RCE Nutch +1
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2017-3834 CRITICAL Act Now

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Aironet Access Point Firmware
NVD
CVSS 3.1
9.8
EPSS
6.2%
CVE-2017-0305 CRITICAL Act Now

F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ssl Intercept Iapp
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2015-8965 CRITICAL PATCH Act Now

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Privilege Escalation Jviews Data Integrator
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2017-7576 CRITICAL Act Now

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Horizon Wireless Radio Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2017-7574 CRITICAL Act Now

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy