Skip to main content
CVE-2017-6884 HIGH POC KEV THREAT Act Now

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Zyxel
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
92.0%
Threat
7.5
CVE-2017-7571 HIGH POC This Week

public/rolechangeadmin in Faveo 1.9.3 allows CSRF. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Faveo Helpdesk
NVD GitHub Exploit-DB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2016-10320 HIGH POC This Week

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Textract
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-7566 HIGH POC PATCH This Week

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Mybb
NVD GitHub
CVSS 3.0
7.7
EPSS
0.6%
CVE-2017-7565 HIGH This Week

Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Splunk RCE Hadoop Connect
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-6968 HIGH This Week

GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Checker Atm Security
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-4964 HIGH PATCH This Week

Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Microsoft Code Injection Bosh Azure Cpi
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-7569 HIGH This Week

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Vbulletin
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2017-7572 HIGH This Week

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Backintime
NVD GitHub
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-3832 HIGH This Week

A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Privilege Escalation Wireless Lan Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-2675 HIGH This Week

Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9219 HIGH This Week

A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Wireless Lan Controller Firmware Wireless Lan Controller Software
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7192 HIGH PATCH This Week

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Starscream
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-5887 HIGH PATCH This Week

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Starscream
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-6130 HIGH This Week

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ssl Intercept Iapp Ssl Orchestrator
NVD
CVSS 3.0
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy